I: pbuilder: network access will be disabled during build I: Current time: Thu Feb 13 13:32:41 -12 2025 I: pbuilder-time-stamp: 1739496761 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: using eatmydata during job I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/41144/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='i386' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=11 ' DISTRIBUTION='unstable' HOME='/root' HOST_ARCH='i386' IFS=' ' INVOCATION_ID='668f803670ac4b0fa81d480bdabf7e07' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' LD_LIBRARY_PATH='/usr/lib/libeatmydata' LD_PRELOAD='libeatmydata.so' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='41144' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.aVpuEwHD/pbuilderrc_aFXg --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.aVpuEwHD/b1 --logfile b1/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID='112' SUDO_UID='107' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://46.16.76.132:3128' I: uname -a Linux ionos12-i386 6.1.0-31-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.128-1 (2025-02-07) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Nov 22 14:40 /bin -> usr/bin I: user script /srv/workspace/pbuilder/41144/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: i386 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19794 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 48.5 MB of archives. After unpacking 175 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian unstable/main i386 libpython3.13-minimal i386 3.13.2-1 [859 kB] Get: 2 http://deb.debian.org/debian unstable/main i386 libexpat1 i386 2.6.4-1 [107 kB] Get: 3 http://deb.debian.org/debian unstable/main i386 python3.13-minimal i386 3.13.2-1 [2266 kB] Get: 4 http://deb.debian.org/debian unstable/main i386 python3-minimal i386 3.13.1-2 [27.0 kB] Get: 5 http://deb.debian.org/debian unstable/main i386 media-types all 11.0.0 [27.6 kB] Get: 6 http://deb.debian.org/debian unstable/main i386 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian unstable/main i386 tzdata all 2025a-2 [259 kB] Get: 8 http://deb.debian.org/debian unstable/main i386 libffi8 i386 3.4.7-1 [21.4 kB] Get: 9 http://deb.debian.org/debian unstable/main i386 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian unstable/main i386 libreadline8t64 i386 8.2-6 [173 kB] Get: 11 http://deb.debian.org/debian unstable/main i386 libpython3.13-stdlib i386 3.13.2-1 [1985 kB] Get: 12 http://deb.debian.org/debian unstable/main i386 python3.13 i386 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian unstable/main i386 libpython3-stdlib i386 3.13.1-2 [9952 B] Get: 14 http://deb.debian.org/debian unstable/main i386 python3 i386 3.13.1-2 [28.0 kB] Get: 15 http://deb.debian.org/debian unstable/main i386 libproc2-0 i386 2:4.0.4-7 [66.0 kB] Get: 16 http://deb.debian.org/debian unstable/main i386 procps i386 2:4.0.4-7 [876 kB] Get: 17 http://deb.debian.org/debian unstable/main i386 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian unstable/main i386 libmagic-mgc i386 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian unstable/main i386 libmagic1t64 i386 1:5.45-3+b1 [115 kB] Get: 20 http://deb.debian.org/debian unstable/main i386 file i386 1:5.45-3+b1 [43.2 kB] Get: 21 http://deb.debian.org/debian unstable/main i386 gettext-base i386 0.23.1-1 [245 kB] Get: 22 http://deb.debian.org/debian unstable/main i386 libuchardet0 i386 0.0.8-1+b2 [69.2 kB] Get: 23 http://deb.debian.org/debian unstable/main i386 groff-base i386 1.23.0-7 [1199 kB] Get: 24 http://deb.debian.org/debian unstable/main i386 bsdextrautils i386 2.40.4-3 [96.2 kB] Get: 25 http://deb.debian.org/debian unstable/main i386 libpipeline1 i386 1.5.8-1 [41.2 kB] Get: 26 http://deb.debian.org/debian unstable/main i386 man-db i386 2.13.0-1 [1428 kB] Get: 27 http://deb.debian.org/debian unstable/main i386 libtext-charwidth-perl i386 0.04-11+b4 [9656 B] Get: 28 http://deb.debian.org/debian unstable/main i386 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian unstable/main i386 ucf all 3.0049 [42.5 kB] Get: 30 http://deb.debian.org/debian unstable/main i386 m4 i386 1.4.19-5 [301 kB] Get: 31 http://deb.debian.org/debian unstable/main i386 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian unstable/main i386 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian unstable/main i386 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian unstable/main i386 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian unstable/main i386 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian unstable/main i386 libtool all 2.5.4-3 [539 kB] Get: 37 http://deb.debian.org/debian unstable/main i386 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian unstable/main i386 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian unstable/main i386 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian unstable/main i386 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian unstable/main i386 libelf1t64 i386 0.192-4 [195 kB] Get: 42 http://deb.debian.org/debian unstable/main i386 dwz i386 0.15-1+b1 [116 kB] Get: 43 http://deb.debian.org/debian unstable/main i386 libunistring5 i386 1.3-1 [458 kB] Get: 44 http://deb.debian.org/debian unstable/main i386 libicu72 i386 72.1-6 [9582 kB] Get: 45 http://deb.debian.org/debian unstable/main i386 libxml2 i386 2.12.7+dfsg+really2.9.14-0.2+b1 [734 kB] Get: 46 http://deb.debian.org/debian unstable/main i386 gettext i386 0.23.1-1 [1714 kB] Get: 47 http://deb.debian.org/debian unstable/main i386 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian unstable/main i386 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian unstable/main i386 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian unstable/main i386 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian unstable/main i386 libtcl8.6 i386 8.6.16+dfsg-1 [1103 kB] Get: 52 http://deb.debian.org/debian unstable/main i386 tcl8.6 i386 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian unstable/main i386 tcl-expect i386 5.45.4-3+b1 [134 kB] Get: 54 http://deb.debian.org/debian unstable/main i386 expect i386 5.45.4-3+b1 [159 kB] Get: 55 http://deb.debian.org/debian unstable/main i386 libidn2-0 i386 2.3.7-2+b1 [130 kB] Get: 56 http://deb.debian.org/debian unstable/main i386 libp11-kit0 i386 0.25.5-3 [423 kB] Get: 57 http://deb.debian.org/debian unstable/main i386 libtasn1-6 i386 4.20.0-1 [51.6 kB] Get: 58 http://deb.debian.org/debian unstable/main i386 libgnutls30t64 i386 3.8.9-2 [1462 kB] Get: 59 http://deb.debian.org/debian unstable/main i386 libevent-2.1-7t64 i386 2.1.12-stable-10+b1 [195 kB] Get: 60 http://deb.debian.org/debian unstable/main i386 libunbound8 i386 1.22.0-1+b1 [633 kB] Get: 61 http://deb.debian.org/debian unstable/main i386 libgnutls-dane0t64 i386 3.8.9-2 [453 kB] Get: 62 http://deb.debian.org/debian unstable/main i386 gnutls-bin i386 3.8.9-2 [696 kB] Get: 63 http://deb.debian.org/debian unstable/main i386 libeac3 i386 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [55.7 kB] Get: 64 http://deb.debian.org/debian unstable/main i386 libglib2.0-0t64 i386 2.83.3-2 [1581 kB] Get: 65 http://deb.debian.org/debian unstable/main i386 libnspr4 i386 2:4.36-1 [119 kB] Get: 66 http://deb.debian.org/debian unstable/main i386 libnspr4-dev i386 2:4.36-1 [220 kB] Get: 67 http://deb.debian.org/debian unstable/main i386 libnss3 i386 2:3.107-1 [1503 kB] Get: 68 http://deb.debian.org/debian unstable/main i386 libnss3-dev i386 2:3.107-1 [253 kB] Get: 69 http://deb.debian.org/debian unstable/main i386 libp11-kit-dev i386 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian unstable/main i386 libpkgconf3 i386 1.8.1-4 [38.4 kB] Get: 71 http://deb.debian.org/debian unstable/main i386 softhsm2-common i386 2.6.1-2.2+b1 [12.4 kB] Get: 72 http://deb.debian.org/debian unstable/main i386 libsofthsm2 i386 2.6.1-2.2+b1 [264 kB] Get: 73 http://deb.debian.org/debian unstable/main i386 libssl-dev i386 3.4.1-1 [2837 kB] Get: 74 http://deb.debian.org/debian unstable/main i386 libtommath1 i386 1.3.0-1 [64.8 kB] Get: 75 http://deb.debian.org/debian unstable/main i386 libtomcrypt1 i386 1.18.2+dfsg-7+b2 [407 kB] Get: 76 http://deb.debian.org/debian unstable/main i386 libstoken1t64 i386 0.92-1.1+b2 [31.2 kB] Get: 77 http://deb.debian.org/debian unstable/main i386 libtomcrypt-dev i386 1.18.2+dfsg-7+b2 [1272 kB] Get: 78 http://deb.debian.org/debian unstable/main i386 libstoken-dev i386 0.92-1.1+b2 [8204 B] Get: 79 http://deb.debian.org/debian unstable/main i386 ninja-build i386 1.12.1-1 [153 kB] Get: 80 http://deb.debian.org/debian unstable/main i386 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian unstable/main i386 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian unstable/main i386 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian unstable/main i386 python3-typeguard all 4.4.1-1 [37.0 kB] Get: 84 http://deb.debian.org/debian unstable/main i386 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian unstable/main i386 python3-jaraco.context all 6.0.0-1 [7984 B] Get: 86 http://deb.debian.org/debian unstable/main i386 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian unstable/main i386 python3-pkg-resources all 75.6.0-1 [222 kB] Get: 88 http://deb.debian.org/debian unstable/main i386 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian unstable/main i386 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian unstable/main i386 python3-setuptools all 75.6.0-1 [720 kB] Get: 91 http://deb.debian.org/debian unstable/main i386 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian unstable/main i386 opensc-pkcs11 i386 0.26.0-1 [910 kB] Get: 93 http://deb.debian.org/debian unstable/main i386 opensc i386 0.26.0-1 [415 kB] Get: 94 http://deb.debian.org/debian unstable/main i386 openssl i386 3.4.1-1 [1432 kB] Get: 95 http://deb.debian.org/debian unstable/main i386 p11-kit-modules i386 0.25.5-3 [270 kB] Get: 96 http://deb.debian.org/debian unstable/main i386 p11-kit i386 0.25.5-3 [406 kB] Get: 97 http://deb.debian.org/debian unstable/main i386 pkgconf-bin i386 1.8.1-4 [30.6 kB] Get: 98 http://deb.debian.org/debian unstable/main i386 pkgconf i386 1.8.1-4 [26.2 kB] Get: 99 http://deb.debian.org/debian unstable/main i386 softhsm2 i386 2.6.1-2.2+b1 [177 kB] Fetched 48.5 MB in 1s (86.1 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19794 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_i386.deb ... Unpacking libpython3.13-minimal:i386 (3.13.2-1) ... Selecting previously unselected package libexpat1:i386. Preparing to unpack .../libexpat1_2.6.4-1_i386.deb ... Unpacking libexpat1:i386 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_i386.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:i386 (3.13.2-1) ... Setting up libexpat1:i386 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20128 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.1-2_i386.deb ... Unpacking python3-minimal (3.13.1-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_11.0.0_all.deb ... Unpacking media-types (11.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025a-2_all.deb ... Unpacking tzdata (2025a-2) ... Selecting previously unselected package libffi8:i386. Preparing to unpack .../4-libffi8_3.4.7-1_i386.deb ... Unpacking libffi8:i386 (3.4.7-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:i386. Preparing to unpack .../6-libreadline8t64_8.2-6_i386.deb ... Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8 to /lib/i386-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8.2 to /lib/i386-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8 to /lib/i386-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8.2 to /lib/i386-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:i386 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:i386. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_i386.deb ... Unpacking libpython3.13-stdlib:i386 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_i386.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:i386. Preparing to unpack .../9-libpython3-stdlib_3.13.1-2_i386.deb ... Unpacking libpython3-stdlib:i386 (3.13.1-2) ... Setting up python3-minimal (3.13.1-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21138 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.1-2_i386.deb ... Unpacking python3 (3.13.1-2) ... Selecting previously unselected package libproc2-0:i386. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_i386.deb ... Unpacking libproc2-0:i386 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_i386.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:i386. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic1t64:i386 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_i386.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_i386.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:i386. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_i386.deb ... Unpacking libuchardet0:i386 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_i386.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-3_i386.deb ... Unpacking bsdextrautils (2.40.4-3) ... Selecting previously unselected package libpipeline1:i386. Preparing to unpack .../11-libpipeline1_1.5.8-1_i386.deb ... Unpacking libpipeline1:i386 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_i386.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:i386. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_i386.deb ... Unpacking libtext-charwidth-perl:i386 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0049_all.deb ... Moving old data out of the way Unpacking ucf (3.0049) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-5_i386.deb ... Unpacking m4 (1.4.19-5) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-3_all.deb ... Unpacking libtool (2.5.4-3) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:i386. Preparing to unpack .../27-libelf1t64_0.192-4_i386.deb ... Unpacking libelf1t64:i386 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_i386.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:i386. Preparing to unpack .../29-libunistring5_1.3-1_i386.deb ... Unpacking libunistring5:i386 (1.3-1) ... Selecting previously unselected package libicu72:i386. Preparing to unpack .../30-libicu72_72.1-6_i386.deb ... Unpacking libicu72:i386 (72.1-6) ... Selecting previously unselected package libxml2:i386. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_i386.deb ... Unpacking libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_i386.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:i386. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking libtcl8.6:i386 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:i386. Preparing to unpack .../39-tcl-expect_5.45.4-3+b1_i386.deb ... Unpacking tcl-expect:i386 (5.45.4-3+b1) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-3+b1_i386.deb ... Unpacking expect (5.45.4-3+b1) ... Selecting previously unselected package libidn2-0:i386. Preparing to unpack .../41-libidn2-0_2.3.7-2+b1_i386.deb ... Unpacking libidn2-0:i386 (2.3.7-2+b1) ... Selecting previously unselected package libp11-kit0:i386. Preparing to unpack .../42-libp11-kit0_0.25.5-3_i386.deb ... Unpacking libp11-kit0:i386 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:i386. Preparing to unpack .../43-libtasn1-6_4.20.0-1_i386.deb ... Unpacking libtasn1-6:i386 (4.20.0-1) ... Selecting previously unselected package libgnutls30t64:i386. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_i386.deb ... Unpacking libgnutls30t64:i386 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:i386. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_i386.deb ... Unpacking libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:i386. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_i386.deb ... Unpacking libunbound8:i386 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:i386. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_i386.deb ... Unpacking libgnutls-dane0t64:i386 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_i386.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:i386. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_i386.deb ... Unpacking libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:i386. Preparing to unpack .../50-libglib2.0-0t64_2.83.3-2_i386.deb ... Unpacking libglib2.0-0t64:i386 (2.83.3-2) ... Selecting previously unselected package libnspr4:i386. Preparing to unpack .../51-libnspr4_2%3a4.36-1_i386.deb ... Unpacking libnspr4:i386 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_i386.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:i386. Preparing to unpack .../53-libnss3_2%3a3.107-1_i386.deb ... Unpacking libnss3:i386 (2:3.107-1) ... Selecting previously unselected package libnss3-dev:i386. Preparing to unpack .../54-libnss3-dev_2%3a3.107-1_i386.deb ... Unpacking libnss3-dev:i386 (2:3.107-1) ... Selecting previously unselected package libp11-kit-dev:i386. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_i386.deb ... Unpacking libp11-kit-dev:i386 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:i386. Preparing to unpack .../56-libpkgconf3_1.8.1-4_i386.deb ... Unpacking libpkgconf3:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b1_i386.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:i386. Preparing to unpack .../59-libssl-dev_3.4.1-1_i386.deb ... Unpacking libssl-dev:i386 (3.4.1-1) ... Selecting previously unselected package libtommath1:i386. Preparing to unpack .../60-libtommath1_1.3.0-1_i386.deb ... Unpacking libtommath1:i386 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:i386. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:i386. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_i386.deb ... Unpacking libstoken1t64:i386 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:i386. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_i386.deb ... Unpacking libstoken-dev:i386 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1_i386.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.1-1_all.deb ... Unpacking python3-typeguard (4.4.1-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.0-1_all.deb ... Unpacking python3-jaraco.context (6.0.0-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.6.0-1_all.deb ... Unpacking python3-pkg-resources (75.6.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.6.0-1_all.deb ... Unpacking python3-setuptools (75.6.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:i386. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_i386.deb ... Unpacking opensc-pkcs11:i386 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_i386.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.1-1_i386.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:i386. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_i386.deb ... Unpacking p11-kit-modules:i386 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_i386.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_i386.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:i386. Preparing to unpack .../84-pkgconf_1.8.1-4_i386.deb ... Unpacking pkgconf:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (11.0.0) ... Setting up libpipeline1:i386 (1.5.8-1) ... Setting up libtext-charwidth-perl:i386 (0.04-11+b4) ... Setting up libicu72:i386 (72.1-6) ... Setting up bsdextrautils (2.40.4-3) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:i386 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:i386 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-5) ... Setting up libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:i386 (0.192-4) ... Setting up libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025a-2) ... Current default time zone: 'Etc/UTC' Local time is now: Fri Feb 14 01:33:08 UTC 2025. Universal Time is now: Fri Feb 14 01:33:08 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:i386 (1.22.0-1+b1) ... Setting up libpkgconf3:i386 (1.8.1-4) ... Setting up libnspr4:i386 (2:4.36-1) ... Setting up libproc2-0:i386 (2:4.0.4-7) ... Setting up libunistring5:i386 (1.3-1) ... Setting up libssl-dev:i386 (3.4.1-1) ... Setting up libtcl8.6:i386 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:i386 (3.4.7-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:i386 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:i386 (4.20.0-1) ... Setting up netbase (6.4) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Setting up libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-3) ... Setting up tcl-expect:i386 (5.45.4-3+b1) ... Setting up libidn2-0:i386 (2.3.7-2+b1) ... Setting up libnss3:i386 (2:3.107-1) ... Setting up pkgconf:i386 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:i386 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:i386 (2.83.3-2) ... No schema files found: doing nothing. Setting up libstoken-dev:i386 (0.92-1.1+b2) ... Setting up libp11-kit0:i386 (0.25.5-3) ... Setting up ucf (3.0049) ... Setting up libreadline8t64:i386 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:i386 (2:3.107-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:i386 (3.13.2-1) ... Setting up libp11-kit-dev:i386 (0.25.5-3) ... Setting up libpython3-stdlib:i386 (3.13.1-2) ... Setting up libgnutls30t64:i386 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-3+b1) ... Setting up python3 (3.13.1-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:i386 (0.26.0-1) ... Setting up p11-kit-modules:i386 (0.25.5-3) ... Setting up libgnutls-dane0t64:i386 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.0-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.1-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.6.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.6.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.40-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture i386 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/i386-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-17) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86 Host machine cpu: i686 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.107 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/i386-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-i686-linux-gnu && LC_ALL=C.UTF-8 ninja -j11 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/i386-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=11 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu' [1/29] Compiling C object tests/tdigests.p/tdigests.c.o [2/29] Compiling C object tests/tsession.p/tsession.c.o [3/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [5/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [6/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [7/29] Compiling C object tests/tfork.p/tfork.c.o [8/29] Compiling C object tests/tfork.p/util.c.o [9/29] Compiling C object tests/tgenkey.p/util.c.o [10/29] Compiling C object tests/tlsctx.p/util.c.o [11/29] Compiling C object tests/tcmpkeys.p/util.c.o [12/29] Compiling C object tests/tlssetkey.p/util.c.o [13/29] Linking target tests/tsession [14/29] Compiling C object tests/tpkey.p/util.c.o [15/29] Compiling C object tests/tpkey.p/tpkey.c.o [16/29] Linking target tests/treadkeys [17/29] Compiling C object tests/ccerts.p/ccerts.c.o [18/29] Linking target tests/tfork [19/29] Linking target tests/tdigests [20/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [21/29] Linking target tests/tcmpkeys [22/29] Compiling C object tests/pincache.p/pincache.c.o [23/29] Linking target tests/tlsctx [24/29] Linking target tests/tlssetkey [25/29] Compiling C object tests/ccerts.p/util.c.o [26/29] Linking target tests/tpkey [27/29] Linking target tests/tgenkey [28/29] Linking target tests/pincache [29/29] Linking target tests/ccerts 1/92 pkcs11-provider:softokn / setup RUNNING >>> SHARED_EXT=.so MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src MALLOC_PERTURB_=15 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ######################################## ## Setup NSS Softokn ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ++ exit 0 NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.03s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> SHARED_EXT=.so MALLOC_PERTURB_=212 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1613233249 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Creating new Self Sign CA Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Fri Feb 14 01:33:32 UTC 2025 Not After: Sat Feb 14 01:33:32 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:c2:8f:3b:39:97:b0:0c:55:39:f9:de:0c:51:fb:b2 27:aa:24:59:d0:56:1c:f6:3f:e1:90:05:be:f9:f9:ca 1d:f6:08:26:4b:0f:0d:38:be:eb:46:58:0b:81:8a:fc d1:cf:17:1d:41:e1:0c:bf:dd:34:ef:f3:dd:bf:eb:a7 6c:f2:81:3a:8e:55:15:ef:a2:07:c8:54:be:ee:cb:f5 9b:ee:a1:49:11:ac:84:ce:1a:f1:d3:3c:06:48:d7:c6 91:08:d8:60:5a:9f:6b:a2:73:ff:6b:cb:73:d0:9a:53 08:49:46:37:ca:ac:79:fa:80:84:65:7f:73:b8:c8:1e c3:ff:ae:7b:72:91:0e:23:7f:5a:af:f9:14:47:d0:47 99:76:a5:32:7a:83:d2:3a:f2:f2:1a:4e:14:35:a8:94 f5:ec:54:6a:f7:40:78:3c:1a:57:2a:75:14:78:d2:2a e2:52:f5:b1:30:bc:de:4f:01:aa:27:aa:df:33:8b:28 92:18:47:37:da:3d:72:47:80:58:4f:b4:ef:26:ad:5d bd:38:77:22:74:9f:bd:76:a8:3f:1d:17:ed:91:5b:f4 e3:44:e8:bc:da:15:19:48:ea:53:d3:1c:d6:53:ff:fc 79:a2:85:80:b2:bc:96:a3:19:c7:3a:ac:5c:b7:bc:98 3f Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:cd3f5a2821eb401b6138a29b6efd06b474377313 sha256:d2cd7948b26f44453b289264695c3a63deb4b4b316ab573e0286e7444e0edda0 Public Key PIN: pin-sha256:0s15SLJvREU7KJJkaVw6Y960tLMWq1c+AobnRE4O3aA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Fri Feb 14 01:33:32 UTC 2025 Not After: Sat Feb 14 01:33:32 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:d2:4d:4f:81:7a:51:2d:79:fc:81:da:74:7b:ff:e9 67:a2:4e:0b:20:9a:0d:ca:19:52:1d:2e:e9:83:2e:26 12:8e:46:32:3f:b0:b0:2c:7c:02:5d:3e:5b:98:e0:b3 16:85:ad:d5:bf:f7:a4:5a:53:d1:3f:e2:8a:c0:f2:fb d6:5d:08:22:51:d6:7a:29:aa:91:e6:d7:92:51:2f:44 02:df:f4:3f:ca:2a:68:eb:05:5b:12:a1:2f:69:bd:61 1f:87:82:49:d9:4d:23:68:2c:55:4f:4f:ce:67:62:b6 95:9f:a9:b0:0a:1a:50:74:32:db:54:00:4c:fa:c1:fa e0:37:35:0c:7f:58:46:11:e6:b8:5f:9c:25:aa:48:8e c9:40:c9:ce:12:9b:93:51:f0:ac:7c:f7:38:11:1a:dc 7f:56:2c:69:49:38:d7:a0:23:76:1e:3f:97:72:e2:48 49:d6:28:6f:21:b5:1a:4e:86:9f:52:6e:1f:ea:2d:38 28:ce:a1:fd:89:14:5b:c5:ff:cb:9c:16:ac:99:74:50 c5:79:97:f4:4b:bc:19:4d:ee:20:5d:90:5f:e7:23:3e a4:ed:0b:9b:e4:89:e6:0a:87:99:58:49:37:05:33:92 00:5b:66:f7:9a:8f:0f:51:41:1d:3b:46:ec:2d:bd:a6 3b Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 3bd24c4147c531f7f227b6a2869c6b665e21286d Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:3bd24c4147c531f7f227b6a2869c6b665e21286d sha256:0e13f1b39e758daeb7ae8b18340ee6eea7e72c1c32f7d2382970cbb712981266 Public Key PIN: pin-sha256:DhPxs551ja63rosYNA7m7qfnLBwy99I4KXDLtxKYEmY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410419b9c523aa10bc68028fe1ab6292ff6d8e1fbe0ba1c26c1c868e375ba55b7b00c1ece0ea74560cc86da6ac7ee9c17ee21faffcc531647609c42d660f59c84022 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Fri Feb 14 01:33:32 UTC 2025 Not After: Sat Feb 14 01:33:32 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 19:b9:c5:23:aa:10:bc:68:02:8f:e1:ab:62:92:ff:6d 8e:1f:be:0b:a1:c2:6c:1c:86:8e:37:5b:a5:5b:7b:00 Y: 00:c1:ec:e0:ea:74:56:0c:c8:6d:a6:ac:7e:e9:c1:7e e2:1f:af:fc:c5:31:64:76:09:c4:2d:66:0f:59:c8:40 22 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): f1b3fac97a90d5e869d6717c1b41cb317291f5d3 Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:f1b3fac97a90d5e869d6717c1b41cb317291f5d3 sha256:532c168148b9eaec7177a8d73ca0ba5f731b4b562bdbade12dca8595ec32127c Public Key PIN: pin-sha256:UywWgUi56uxxd6jXPKC6X3MbS1Yr263hLcqFlewyEnw= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410474d68c3e01b83f8c9dea43fa87eaf8bfe326ab6985d6546fb6ac2125c813f60cfcd177c777fab8c7fa0d3d566f79c4e8326c8a8fb561de883186261ab55a45ff EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Fri Feb 14 01:33:33 UTC 2025 Not After: Sat Feb 14 01:33:33 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 74:d6:8c:3e:01:b8:3f:8c:9d:ea:43:fa:87:ea:f8:bf e3:26:ab:69:85:d6:54:6f:b6:ac:21:25:c8:13:f6:0c Y: 00:fc:d1:77:c7:77:fa:b8:c7:fa:0d:3d:56:6f:79:c4 e8:32:6c:8a:8f:b5:61:de:88:31:86:26:1a:b5:5a:45 ff Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 0df1817432c3821220a45fbc9819c6921959fabf Other Information: Public Key ID: sha1:0df1817432c3821220a45fbc9819c6921959fabf sha256:94dbd8f26140b40c72601d6eee7f23ddb8cdf6dbbd9f742e8d2549ac03bda9e0 Public Key PIN: pin-sha256:lNvY8mFAtAxyYB1u7n8j3bjN9tu9n3QujSVJrAO9qeA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' EC PKCS11 URIS + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04200968b4e83132077cc91085de77bfd03fece7d03c46370e4bb16bae9cc290bd45 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Feb 13 13:33:33 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Fri Feb 14 01:33:33 UTC 2025 Not After: Sat Feb 14 01:33:33 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 09:68:b4:e8:31:32:07:7c:c9:10:85:de:77:bf:d0:3f ec:e7:d0:3c:46:37:0e:4b:b1:6b:ae:9c:c2:90:bd:45 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 81f342241861a2aa03a42efe96a748ee8496a1b0 Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:81f342241861a2aa03a42efe96a748ee8496a1b0 sha256:91cc51f61c3daa561797e51eb1c1520a59d4560dc0a35dba4ba5916a8f18296a Public Key PIN: pin-sha256:kcxR9hw9qlYXl+UescFSClnUVg3Ao126S6WRao8YKWo= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439bc3062cb131ab0289dd8c21a024330ea93307410189fd915e816521d8470f895e7fe1ebca72a7c87b3f309e5ac5aabff5345b5f3c4eb0a4a00 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Feb 13 13:33:33 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Fri Feb 14 01:33:33 UTC 2025 Not After: Sat Feb 14 01:33:33 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: bc:30:62:cb:13:1a:b0:28:9d:d8:c2:1a:02:43:30:ea 93:30:74:10:18:9f:d9:15:e8:16:52:1d:84:70:f8:95 e7:fe:1e:bc:a7:2a:7c:87:b3:f3:09:e5:ac:5a:ab:ff 53:45:b5:f3:c4:eb:0a:4a:00 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 81cbb2b7b231a92d30f4c029c6828e701eee795f Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:81cbb2b7b231a92d30f4c029c6828e701eee795f sha256:97d3ad7ecd54a76baad23b6748076afa1b4466a19ec18047aa8b880c8a420782 Public Key PIN: pin-sha256:l9Otfs1Up2uq0jtnSAdq+htEZqGewYBHqouIDIpCB4I= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Feb 13 13:33:34 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Fri Feb 14 01:33:34 UTC 2025 Not After: Sat Feb 14 01:33:34 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:e8:c6:e2:ce:71:33:b7:d0:7c:27:e3:89:d0:03:d5 aa:44:5d:d9:1c:49:86:3d:15:36:9a:d5:ec:d1:d2:d5 19:8f:6e:c8:ad:32:f1:40:01:43:17:20:cb:21:bb:2b 47:94:18:ae:6a:71:8a:70:91:ca:e5:72:98:d8:8d:6e f0:fa:15:d7:41:2b:86:60:bf:45:09:8b:ce:5c:bb:d4 71:6e:25:d1:2a:f8:59:4f:7c:40:80:01:0a:c2:e5:1a 69:ed:69:c4:b2:24:34:8f:17:9e:cc:a8:ca:b5:d1:ae b1:14:96:a1:a7:2e:b1:92:a8:6b:a7:a4:7a:a1:ac:75 4c:7d:a4:49:cf:37:46:34:c1:5e:a0:5e:3e:0f:aa:b4 c1:f0:d1:7d:d4:5d:55:fa:a8:1f:d5:70:75:fb:be:3e a4:82:13:5b:2e:1e:47:76:88:2c:7b:fa:a3:21:85:03 cc:e3:e3:3f:c0:3a:c2:3d:7a:b9:f4:a3:27:8d:e6:68 d0:d2:15:49:34:7a:ea:39:37:7a:a0:67:7f:44:eb:98 c4:2a:e4:06:ec:fd:b4:84:cc:ce:e2:b7:50:c2:7e:99 36:f0:43:5b:f8:a8:cd:12:b2:6b:ba:75:d2:1a:80:6d ea:2c:02:a0:aa:ac:df:30:62:59:fe:f6:f3:ab:c1:55 27 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): ea6d0b5b901895c594782e946d23c30f132d122f Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:ea6d0b5b901895c594782e946d23c30f132d122f sha256:a6fae0de8ead458ba65b0e622f090d9f0a9783a5577785571ca845546e573231 Public Key PIN: pin-sha256:pvrg3o6tRYumWw5iLwkNnwqXg6VXd4VXHKhFVG5XMjE= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104dc03422ff59a9bf4a25b656fd9be2f9ad7ff65b056e9f9c69df02ba657c94c0fd3a0c4cad1b07dd776651ba8fe1bd913dfb947045681afe188c14e527674e229629a37223ef3b6e582e5022ebab46387fe5c58224b07dc748c3a0b539ccb677d EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Feb 13 13:33:34 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Fri Feb 14 01:33:34 UTC 2025 Not After: Sat Feb 14 01:33:34 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:dc:03:42:2f:f5:9a:9b:f4:a2:5b:65:6f:d9:be:2f 9a:d7:ff:65:b0:56:e9:f9:c6:9d:f0:2b:a6:57:c9:4c 0f:d3:a0:c4:ca:d1:b0:7d:d7:76:65:1b:a8:fe:1b:d9 13 Y: 00:df:b9:47:04:56:81:af:e1:88:c1:4e:52:76:74:e2 29:62:9a:37:22:3e:f3:b6:e5:82:e5:02:2e:ba:b4:63 87:fe:5c:58:22:4b:07:dc:74:8c:3a:0b:53:9c:cb:67 7d Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 15bd73f2d96fec68567d05b21dbf97a24c10d35e Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:15bd73f2d96fec68567d05b21dbf97a24c10d35e sha256:e57e1337158c917d53cf57518359c18053a746d4778cca0f0b6ce11ca3f378be Public Key PIN: pin-sha256:5X4TNxWMkX1Tz1dRg1nBgFOnRtR3jMoPC2zhHKPzeL4= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401003405e81fefe2fffcb951beecfd538672c157d37f49d743ce317010eda101e3408fe65e27c1a23c8c09adf7d641b7a5b0f7bbdfefad3305181939182545dc51b8000fa8c9eeb2cb6f05dac671a02771fcdc2e50fd30aacef03dd828efe4e0acc614b424187ffd1c1efa4aceba0c2cf5414781da7f2d87433a47a833865ef7e23d4585 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Feb 13 13:33:34 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Fri Feb 14 01:33:34 UTC 2025 Not After: Sat Feb 14 01:33:34 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 01:00:34:05:e8:1f:ef:e2:ff:fc:b9:51:be:ec:fd:53 86:72:c1:57:d3:7f:49:d7:43:ce:31:70:10:ed:a1:01 e3:40:8f:e6:5e:27:c1:a2:3c:8c:09:ad:f7:d6:41:b7 a5:b0:f7:bb:df:ef:ad:33:05:18:19:39:18:25:45:dc 51:b8 Y: 0f:a8:c9:ee:b2:cb:6f:05:da:c6:71:a0:27:71:fc:dc 2e:50:fd:30:aa:ce:f0:3d:d8:28:ef:e4:e0:ac:c6:14 b4:24:18:7f:fd:1c:1e:fa:4a:ce:ba:0c:2c:f5:41:47 81:da:7f:2d:87:43:3a:47:a8:33:86:5e:f7:e2:3d:45 85 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 7dcdc1ddeb37b599c58b4eb9effedb1040275ebd Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:7dcdc1ddeb37b599c58b4eb9effedb1040275ebd sha256:f73e94240da4e1895731a5d5a0c5137c1bdf72bda3a9ec2bdbc3254dd1a60c55 Public Key PIN: pin-sha256:9z6UJA2k4YlXMaXVoMUTfBvfcr2jqewr28MlTdGmDFU= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Fri Feb 13 13:33:37 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Fri Feb 14 01:33:37 UTC 2025 Not After: Sat Feb 14 01:33:37 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:f5:c6:02:71:b4:4a:47:e7:97:db:b1:8b:45:6e:8f b3:ef:53:20:b7:26:9d:ae:e4:66:89:c7:df:5e:80:77 b9:e2:44:2a:f3:5e:e9:d4:b9:52:9e:12:9f:95:55:6b 57:89:f1:a8:23:57:a7:d2:3d:8c:e0:45:db:82:70:26 ce:e3:31:8e:86:cd:33:a2:d1:11:85:13:e1:d3:93:f8 db:0e:b7:6c:20:88:64:8d:a1:9a:f3:ed:bf:d0:15:ff 29:e6:1a:b8:92:db:fd:b0:6b:7e:e1:58:37:32:b6:6e b7:20:9a:bd:be:2f:83:7f:0e:35:b1:38:d5:8e:f0:f3 b0:62:ad:98:a6:7a:2e:1c:67:e6:4b:aa:7b:8a:96:4b 8c:24:30:5b:52:4c:6d:7e:b7:ff:d7:7d:81:4f:23:1d 2c:79:8e:36:3b:d5:63:c8:02:65:1b:60:ab:33:7b:33 3f:19:7b:a8:c4:b8:1f:97:ed:08:f5:2c:48:7d:2c:58 be:0b:7a:12:d7:35:9b:9e:b2:2d:fa:d6:32:80:50:db 3c:b4:72:e3:28:f8:d9:4f:26:dc:fe:de:e1:a7:49:04 fa:7d:52:d1:ae:7b:cd:e1:b9:61:0a:c6:27:da:11:6c 9b:51:5e:b0:e0:b9:65:12:49:e9:76:a6:68:3e:61:82 bf Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): a6076223e93637904b6daecbc715c02be52b502f Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:a6076223e93637904b6daecbc715c02be52b502f sha256:542dcf628c904e32458b72390cccb32c9cafce99c9ad0c3211c42e47c6ef47aa Public Key PIN: pin-sha256:VC3PYoyQTjJFi3I5DMyzLJyvzpnJrQwyEcQuR8bvR6o= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Fri Feb 13 13:33:41 2026 CA expiration time: Fri Feb 13 13:33:32 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Fri Feb 14 01:33:41 UTC 2025 Not After: Sat Feb 14 01:33:41 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0c:5a:33:28:c0:6d:2a:a4:81:63:2c:54:3a:eb:56:30 8b:91:db:b9:bb:99:95:b0:48:72:80:f5:b4:cd:de:cb d7:96:af:aa:2c:81:19:2b:38:05:e9:d6:d9:22:3d:e1 43:8f:e7:16:65:5f:3c:d7:e2:a4:d1:e2:00:4d:b1:f2 c0:27:52:8a:93:55:5e:c5:46:b5:05:34:d8:f6:a0:ea 50:d9:4a:92:e8:02:4d:89:da:8b:01:99:9c:80:db:5c a0:e7:9b:cc:54:af:65:87:1b:36:fa:09:00:bf:0f:58 49:54:a2:74:44:96:87:c7:e7:8f:29:ec:b7:c2:18:a6 8d:8e:4a:26:fb:3b:75:ce:5e:c6:44:d0:25:98:68:fd bf:aa:16:74:54:22:d1:bd:c0:6c:ef:6e:a1:f9:ba:04 d2:bd:25:95:64:01:ca:ba:2d:06:5b:13:c2:a7:e2:ef 53:ce:dd:17:27:f7:52:22:6d:67:2e:52:40:ec:49:16 ce:9a:12:64:db:c9:b8:7e:a0:65:90:4a:38:f2:0d:9d 51:94:e0:70:29:53:ca:6f:34:ee:0d:4e:79:a7:9b:57 11:14:81:1a:33:fa:a0:2c:c4:1f:55:c1:05:c8:e6:c4 0e:20:1a:d1:5e:ec:22:73:d2:86:35:2b:fb:36:1e:8a ac:2f:98:9d:04:9a:a6:c8:dd:66:48:1a:8e:b1:b5:b2 69:4d:b2:3f:04:41:c6:99:6d:6d:98:80:70:43:74:bf e2:05:ee:d6:61:16:7f:0d:22:c8:32:7b:68:1c:bd:2f f8:44:d7:ab:5a:a2:e7:d0:1a:0d:e0:54:96:7c:24:9e c7:4c:46:39:d3:62:7f:9f:64:ae:49:55:9d:fc:a3:c7 75:53:60:72:a4:ab:8a:af:90:35:22:e2:7d:cb:84:04 89:33:be:ae:79:eb:b3:a6:d1:3f:39:5d:b9:48:ed:31 5b:a2:2e:4b:82:f9:93:de:99:58:31:01:8e:db:7f:1b d4:d3:99 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 4499a772127818bbc10d2d0d95bfbf2e8ae124a3 Authority Key Identifier (not critical): cd3f5a2821eb401b6138a29b6efd06b474377313 Other Information: Public Key ID: sha1:4499a772127818bbc10d2d0d95bfbf2e8ae124a3 sha256:6ad1e951b881b45a49b6174ec112486019c21cef0407f23042eed96dd8269e19 Public Key PIN: pin-sha256:atHpUbiBtFpJthdOwRJIYBnCHO8EB/IwQu7Zbdgmnhk= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' RSA-PSS 2 PKCS11 URIS + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439bc3062cb131ab0289dd8c21a024330ea93307410189fd915e816521d8470f895e7fe1ebca72a7c87b3f309e5ac5aabff5345b5f3c4eb0a4a00 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410474d68c3e01b83f8c9dea43fa87eaf8bfe326ab6985d6546fb6ac2125c813f60cfcd177c777fab8c7fa0d3d566f79c4e8326c8a8fb561de883186261ab55a45ff EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04200968b4e83132077cc91085de77bfd03fece7d03c46370e4bb16bae9cc290bd45 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401003405e81fefe2fffcb951beecfd538672c157d37f49d743ce317010eda101e3408fe65e27c1a23c8c09adf7d641b7a5b0f7bbdfefad3305181939182545dc51b8000fa8c9eeb2cb6f05dac671a02771fcdc2e50fd30aacef03dd828efe4e0acc614b424187ffd1c1efa4aceba0c2cf5414781da7f2d87433a47a833865ef7e23d4585 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410419b9c523aa10bc68028fe1ab6292ff6d8e1fbe0ba1c26c1c868e375ba55b7b00c1ece0ea74560cc86da6ac7ee9c17ee21faffcc531647609c42d660f59c84022 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 11.73s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> SHARED_EXT=.so MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=113 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ######################################## ## Searching for Kryoptic module ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.03s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> SHARED_EXT=.so MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=104 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.04s 5/92 pkcs11-provider:softokn / basic RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=47 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.01s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=220 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 4009F3F7:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1613233249 - SoftHSM slot ID 0x6027fc61):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1613233249 - SoftHSM slot ID 0x6027fc61):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 10.76s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=83 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.01s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=44 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.01s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=143 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.01s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=240 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.50s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=217 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.01s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=142 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.01s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=195 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.02s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=34 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.79s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=113 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.01s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=91 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.01s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.01s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=64 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 0.77s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=213 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.01s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=24 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.01s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=10 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 1.56s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=167 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.01s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=152 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.01s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=215 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=112 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.01s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=111 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.01s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=221 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.01s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=19 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr .......+...+........+...+....+++++++++++++++++++++++++++++++++++++++*...............+.+..+...+......+.+.....+...+++++++++++++++++++++++++++++++++++++++*.+.+...........+.+...+.........+..+.+..+............+....+...........+.........................+...+...+...+.....+.........+.+......+.....+.+..+.+..+.......+..................+...+.................+....+...........+....+...+........+.......+..+..........+.....+.+..............+.+..++++++ .+...+.....+....+.........+.....+....+++++++++++++++++++++++++++++++++++++++*.............+...........+....+..+.+..+.+.....+............+.......+..+...............+.+...+.....+....+..+..........+........+.+.........+.....+.+.....+......+...+............+.+..+...+.........+.........+.+...........+..........+...+..+.......+..+....+.....+.+........+...+...+....+..+.........+..........+..+...+.+.....+.+.........+...+..+......+.........+++++++++++++++++++++++++++++++++++++++*.....+....+........+.+.........+.....+...+.......+..+.+..+......+.......+........+....+...+..+......+....+..+...............+..........+........+.+.....+...............+....+..+....+............+...+...........+.+..+................+.....+.........+...+.......+...........+.+...+...+..+.+...........+.+...+............+...+......+.....+.+........+......+.+....................+............+...+....+.........+......+.....+...++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:58 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:58 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 14 01:33:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 1.94s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=98 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.01s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=71 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.01s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=33 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.01s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=221 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.08s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=14 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.01s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=108 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.01s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=184 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.01s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=46 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 1.29s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=222 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.01s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=196 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.01s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=237 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.01s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=170 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.01s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=85 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.01s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=143 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.01s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=140 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.01s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=112 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.01s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=148 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.01s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=145 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.01s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.01s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=4 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.01s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=207 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.34s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=146 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.01s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=225 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.01s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=63 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.21s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=25 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.01s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=194 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.01s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=156 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.02s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=224 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.01s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=226 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.01s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=124 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.01s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=37 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.57s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=213 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.01s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=151 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.01s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=138 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.01s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=194 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.44s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=114 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.01s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=203 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.01s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=52 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.01s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 4019F1F7:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 4019F1F7:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 æ ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.07s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=186 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.01s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=100 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.01s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=88 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.01s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=109 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.06s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=163 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.01s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=72 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.01s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=181 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.01s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8B571F6E12772FEF6E4EDFB80051FAC146E7AB7A28B9AE252F95D6940B7CDD0F Session-ID-ctx: Resumption PSK: 6FC1A1B3C6A0548A151FA643AAB20A357636E2CD8DA425C48C49EC6355BE9F7EE5E02917D38211431606B46A085A6528 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e7 92 68 e9 05 c3 8f ea-8d 44 a4 72 7c 97 fd e3 ..h......D.r|... 0010 - b4 c7 ee 75 cc f8 97 fe-e7 0e e1 83 de 1b 24 c8 ...u..........$. 0020 - 1e ee e9 63 30 42 f0 c0-69 b2 81 50 e0 48 be 58 ...c0B..i..P.H.X 0030 - 52 6c fb d3 dd c7 a4 a1-99 ad b9 e0 85 dd 56 bd Rl............V. 0040 - 70 ee 76 10 39 88 f6 fc-f8 45 26 68 d3 04 c5 1b p.v.9....E&h.... 0050 - 6c 0c 1a 1c 6b 51 2a a1-d6 87 f8 1b d2 cd 75 ed l...kQ*.......u. 0060 - a6 8d 87 10 db 25 b0 38-4b 26 e0 53 3e 7d 23 71 .....%.8K&.S>}#q 0070 - 49 5d 34 89 9b 33 13 b0-86 d7 1c 05 58 5a 04 4a I]4..3......XZ.J 0080 - 13 2a ea 43 76 d7 79 77-21 b6 80 3a ba b4 28 81 .*.Cv.yw!..:..(. 0090 - 70 1c ab e7 00 bf 0b 2d-78 e0 c5 fd 65 06 1c 93 p......-x...e... 00a0 - e2 73 a8 6a 0e 18 0f ad-14 67 88 c9 41 60 58 b9 .s.j.....g..A`X. 00b0 - c7 06 50 af 5b a1 3e fd-c5 fb 3c 31 41 c7 85 24 ..P.[.>...<1A..$ 00c0 - 43 c6 2e 0b a2 b6 05 85-e9 26 f7 e6 9e c5 c5 74 C........&.....t Start Time: 1739496842 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A95EEFB2D743EC486FDD0E52987CD9BE8A4E03DD781BA41E1DE2186408EEF3AD Session-ID-ctx: Resumption PSK: A1F509F189830840BCC9FA85580F8843891B6726FD425537527FF9DC9285AA3FB184AC54A76DDF9058D34E1701694D6F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e7 92 68 e9 05 c3 8f ea-8d 44 a4 72 7c 97 fd e3 ..h......D.r|... 0010 - e9 2d 21 a6 10 16 9d e5-58 a6 a0 b1 ed 94 19 68 .-!.....X......h 0020 - d5 b5 9a 54 80 ce 81 78-29 d3 57 3e b7 ee 34 0c ...T...x).W>..4. 0030 - 15 dd ba 8c bb fd 88 03-23 e2 1f 7e 26 0f da 65 ........#..~&..e 0040 - a6 d6 27 de 5b 6d 66 85-0d db a9 59 29 af 99 45 ..'.[mf....Y)..E 0050 - 5a cb 51 eb ef d0 61 01-4f ab 9f 85 0e 53 aa 6e Z.Q...a.O....S.n 0060 - 73 73 19 e6 d2 97 55 49-87 21 92 af 5f ad 50 9c ss....UI.!.._.P. 0070 - f5 c1 ae 5d af 88 6c 2f-83 75 2d 95 81 34 95 dd ...]..l/.u-..4.. 0080 - 1f 4d 40 38 1b 61 dc 88-29 21 94 7a b1 7d a5 0b .M@8.a..)!.z.}.. 0090 - a6 0e 95 d9 41 c2 b0 d9-4f 1a 58 24 b8 eb 3e 9c ....A...O.X$..>. 00a0 - b0 51 56 d0 7d 4f 14 3c-25 43 d8 87 30 bd 06 61 .QV.}O.<%C..0..a 00b0 - 53 e3 ef a0 f1 72 8f e9-96 b0 60 93 61 fc a0 4c S....r....`.a..L 00c0 - f6 9c f7 0c 27 4b 91 12-29 4d c8 fd fa 4e e2 1e ....'K..)M...N.. Start Time: 1739496842 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIJUpsuQlpkWwpMgpDs8Lm2tN+ca4EgUQaAQ4cb49KxNj BDCh9QnxiYMIQLzJ+oVYD4hDiRtnJv1CVTdSf/nckoWqP7GErFSnbd+QWNNOFwFp TW+hBgIEZ66diqIEAgIcIKQGBAQBAAAArgYCBAVrp9OzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 14 01:34:02 2025 GMT; NotAfter: Mar 16 01:34:02 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUMuMlZJGSB37IfdifHVd3t7w8DBwwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE0MDEzNDAyWhcNMjUwMzE2MDEzNDAyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQD1xgJxtEpH55fbsYtF bo+z71MgtyadruRmicffXoB3ueJEKvNe6dS5Up4Sn5VVa1eJ8agjV6fSPYzgRduC cCbO4zGOhs0zotERhRPh05P42w63bCCIZI2hmvPtv9AV/ynmGriS2/2wa37hWDcy tm63IJq9vi+Dfw41sTjVjvDzsGKtmKZ6Lhxn5kuqe4qWS4wkMFtSTG1+t//XfYFP Ix0seY42O9VjyAJlG2CrM3szPxl7qMS4H5ftCPUsSH0sWL4LehLXNZuesi361jKA UNs8tHLjKPjZTybc/t7hp0kE+n1S0a57zeG5YQrGJ9oRbJtRXrDguWUSSel2pmg+ YYK/AgMBAAGjaTBnMB0GA1UdDgQWBBRKuwXGai9N8tMALO5PfqGJpCZtEDAfBgNV HSMEGDAWgBRKuwXGai9N8tMALO5PfqGJpCZtEDAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEATmBaYGHwhoO+ Mmo+SlC8Z7lMblkDyXtJXzgqERnY6/NJ+qFQuGjj6MuZJz+iZ0qZp0YIorlRh39A O9IRzjfZzZxpzqdpXsAhzbVfvg9o17wyMwKjKJsEfn++YPQq7785QPQxLaHdHk8z 8wAjRsCdrZUZrVypD3/kzWBg92VVCZRIamj9aASjMpmai1/LOwAy9DiPs+dV4ra6 QKky2rMxsiZo4bwKEhCpDwWgsybh1LhT0klmrrdJGeSYslcBH1lBIAMdWPnY8Zer AV8BPl8L4hfm2RuitVAGwxLG6+pN5N3Pc0SkcWfErJmNGFqX1YB3YuZ6cFtplrPU Y8VJ9EWhyA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 60391EC074C7AEB0FE042C74F9B380966D83B70EADBEABF7EDF1877432B51D7E Session-ID-ctx: Resumption PSK: 3D717AA050BAA8EB0E025E847A88FC05F96C779DC6A60C827B3E62BDD155E77650169965771A2656AA5909532A0F8F01 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 55 c8 4f 82 18 c6 01 55-79 87 91 b5 11 a3 a8 84 U.O....Uy....... 0010 - cc a6 d2 7e 17 3d 5e 6f-7c 97 1e 21 ad 76 a4 c5 ...~.=^o|..!.v.. 0020 - 4f 9e e4 02 cd a7 b8 21-a1 e3 02 9c 8a a1 b5 a2 O......!........ 0030 - b6 25 19 e6 29 80 f4 c5-2d f8 26 60 77 02 12 8d .%..)...-.&`w... 0040 - e4 a5 02 33 df 6d 89 43-0f d7 bf 41 27 5e 4d 99 ...3.m.C...A'^M. 0050 - 46 53 02 39 b0 e6 98 7c-48 fb fd c2 87 3f cb a2 FS.9...|H....?.. 0060 - c6 a1 9f 34 6f 1b 52 a6-e9 ad 29 f0 3f 35 c1 d5 ...4o.R...).?5.. 0070 - d2 cb f0 3a 01 ff 1a 08-5a 12 7f b3 78 fd 04 a4 ...:....Z...x... 0080 - ef de cb 0b 33 2f 7b f3-b3 b7 dd ca 42 56 50 80 ....3/{.....BVP. 0090 - 67 2a 72 b7 66 15 72 55-ab 73 4a dc 7b 04 4c 86 g*r.f.rU.sJ.{.L. 00a0 - 87 4d 69 b6 ea 4d f3 00-c3 9f b9 e0 75 74 a1 63 .Mi..M......ut.c 00b0 - a4 0b ca ea de a4 37 f3-1f ba a2 7e 90 bc 99 43 ......7....~...C 00c0 - 14 11 a5 92 8a ef 0b bd-98 43 8c 8a 25 11 53 a9 .........C..%.S. Start Time: 1739496842 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9D33FAE8EAC8610AFEBCFEC2A58F777FD5BD8BF30A4FF8C284D722ACE8E62C88 Session-ID-ctx: Resumption PSK: CBD0D72ED4C76338757B107566026A53AEA3FFABFE51F6B6493D563B59F314AFA505632A488D6FE5DFF5F5B04519E55F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 55 c8 4f 82 18 c6 01 55-79 87 91 b5 11 a3 a8 84 U.O....Uy....... 0010 - c5 b4 1e 16 5c 05 eb 37-8c 61 d3 54 61 20 47 d1 ....\..7.a.Ta G. 0020 - 38 70 04 d7 05 63 52 75-15 bb 27 73 98 a6 41 8d 8p...cRu..'s..A. 0030 - 28 fc 5f aa d1 fd 3f 1f-36 00 58 fe d1 e1 13 6a (._...?.6.X....j 0040 - bf 5b 5d 6b 1e 8f c2 49-3e b2 30 2c ce 2e d7 7a .[]k...I>.0,...z 0050 - ef 16 9a 8e 94 ff 85 53-9d 6f b8 56 39 7f 5e 67 .......S.o.V9.^g 0060 - d5 96 b8 e0 f8 fb fe 9b-eb 6f 55 d1 d7 51 19 e3 .........oU..Q.. 0070 - a2 cf f8 95 dd 7a 16 2e-93 6d 3d 6b c3 ce 16 f4 .....z...m=k.... 0080 - e8 e5 e1 ab a0 0b a3 b7-4f b9 4a 41 2f bb 41 51 ........O.JA/.AQ 0090 - 86 41 ce 09 e4 b1 f7 c1-69 b9 fb 9b 18 7e 7f f2 .A......i....~.. 00a0 - e2 87 d4 14 c4 3a 8c a8-4c 22 a4 38 82 4b a9 6a .....:..L".8.K.j 00b0 - 61 51 d4 bc 52 49 b9 b8-97 d0 5c 6a e5 0a 0e fe aQ..RI....\j.... 00c0 - f6 26 a2 e9 dd 8f 20 d9-c5 cd b3 3a 2a 5d f2 c5 .&.... ....:*].. Start Time: 1739496842 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9FDF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIFGFM42Sh+UvuynGX+8sQmGreuqCOfpoE497pJmFQc0N BDDL0Ncu1MdjOHV7EHVmAmpTrqP/q/5R9rZJPVY7WfMUr6UFYypIjW/l3/X1sEUZ 5V+hBgIEZ66diqIEAgIcIKQGBAQBAAAArgYCBFGhZkCzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 14 01:34:03 2025 GMT; NotAfter: Mar 16 01:34:03 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUDex3K/z4+a3yL8L9NXR/ripcu9AwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE0MDEzNDAzWhcNMjUwMzE2MDEzNDAzWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwxaMyjAbSqkgWMsVDrr VjCLkdu5u5mVsEhygPW0zd7L15avqiyBGSs4BenW2SI94UOP5xZlXzzX4qTR4gBN sfLAJ1KKk1VexUa1BTTY9qDqUNlKkugCTYnaiwGZnIDbXKDnm8xUr2WHGzb6CQC/ D1hJVKJ0RJaHx+ePKey3whimjY5KJvs7dc5exkTQJZho/b+qFnRUItG9wGzvbqH5 ugTSvSWVZAHKui0GWxPCp+LvU87dFyf3UiJtZy5SQOxJFs6aEmTbybh+oGWQSjjy DZ1RlOBwKVPKbzTuDU55p5tXERSBGjP6oCzEH1XBBcjmxA4gGtFe7CJz0oY1K/s2 HoqsL5idBJqmyN1mSBqOsbWyaU2yPwRBxpltbZiAcEN0v+IF7tZhFn8NIsgye2gc vS/4RNerWqLn0BoN4FSWfCSex0xGOdNif59krklVnfyjx3VTYHKkq4qvkDUi4n3L hASJM76ueeuzptE/OV25SO0xW6IuS4L5k96ZWDEBjtt/G9TTmQIDAQABo2kwZzAd BgNVHQ4EFgQUttjbz8HhS6EHBt7wJIuRK3s1FwwwHwYDVR0jBBgwFoAUttjbz8Hh S6EHBt7wJIuRK3s1FwwwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAROVfH+WnPv8HJCS6NBDYS3+8GWvzRn kIQu2RtApXpiNqIZq+HjfKdcJxrQOrGMnxukWBRLzD9SktQc9SYh9iKTkgXBnQBM DqM4gwwZ0K3askSftJcrUb951W7nT9B3fmtKiDHZjAF4ufFXWQA6BrEW4WGdqdLT CscPQzGeod7nZNmAl17RPftdHY8tJJruECX6e/tkqr2EY9oX1M1Bzv9Lj65N8qdN hXp8+Yc0W8QisviDqJIM+p7YLuo0Ax4cXzznWDbut07KBAIFCxdZJK1Uk0KGgv00 rlE5gOXZoPAx0kSWjzYMO9iz/8DThCWDE0rQX+ztD07QjdNVIbX6pB2sPSQC+Dz9 FnTCMhth+P6HopktlrDFI2Cv74F805p4rJTUlXo7OJSfLKRCetlQTnqBibe/yDci a+Dfy9GF7K6PV3BYPG/7gUr64jKIUsvTXln+XZwAPdI/esh6L/OnI6z4oVfqRlqJ 4FFyAspZFu4mdIsMmKaGTl3xV1VLLOxP9cukSg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B9A080EF7BFA65EBEBBC5AA98DEB6F0C57417B4FF997CD60B5D9BD5BA1CC0F34 Session-ID-ctx: Resumption PSK: CD221D5171424A49EB91EADBC0380EE041CE591BED81D3094ACF5F4590FA4FD2683088F18A31CC5434A0CA261CE6A4C0 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f5 f9 d0 0d d4 64 49 bf-0d f8 6a e4 46 87 fe e6 .....dI...j.F... 0010 - 88 9c 90 31 b5 e8 6a 02-99 ec 86 87 d1 23 a8 c9 ...1..j......#.. 0020 - 7f 3a 3d f8 4b d8 e8 22-b3 8c 31 5d 0b ca 61 3d .:=.K.."..1]..a= 0030 - da 5b 1e 54 f0 d5 6f e4-f5 2d 1f 95 ea 26 51 7e .[.T..o..-...&Q~ 0040 - b8 77 71 2b 43 65 9d 2b-20 9b 16 18 a5 cb 0b cb .wq+Ce.+ ....... 0050 - 28 6c 2a 5e f5 18 7f d2-cb 5b 12 86 a2 ee b6 fb (l*^.....[...... 0060 - 79 9f 53 d9 e2 1e b8 f3-12 3d 18 0a c2 85 38 ce y.S......=....8. 0070 - ae 56 9d c5 bc ac dc 27-fd 71 12 79 59 60 6d df .V.....'.q.yY`m. 0080 - 98 5a bc 52 a9 32 05 d8-cc 20 29 ec 9a 03 91 e7 .Z.R.2... )..... 0090 - a0 1c 61 c9 28 6f 7e 9f-0e 2f d6 c0 80 26 08 59 ..a.(o~../...&.Y 00a0 - ae ff fe 05 f9 b6 7f b0-b6 48 ff 76 e8 3d 85 24 .........H.v.=.$ 00b0 - 79 b9 83 9a 9a 8c d5 30-8f a3 b8 23 c3 63 76 fe y......0...#.cv. 00c0 - e0 b4 dc c7 2c e0 c9 bf-a0 31 9b 5b 0f c7 f2 5f ....,....1.[..._ Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 94CB3A92EC96D92D30232BF854C78B8EF09E0EC49D11FD41F89202A98FD023D2 Session-ID-ctx: Resumption PSK: F3B529B988D173ED4109ACEC75ECF1AB98639F7B3807DE79BBEA48A9415650E78F46CA8F82BF5034ACC3EBB0D0ECF16C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f5 f9 d0 0d d4 64 49 bf-0d f8 6a e4 46 87 fe e6 .....dI...j.F... 0010 - 9b c9 29 2b 86 a8 9d fb-6a 15 22 88 8f 59 39 ba ..)+....j."..Y9. 0020 - 8f 83 43 9f 01 3e 45 24-e7 91 21 84 c8 1a d9 31 ..C..>E$..!....1 0030 - 0d fe 53 3c d2 27 5d d4-dd da 84 7e 9e 61 4a 84 ..S<.']....~.aJ. 0040 - 95 7b ef 6a 87 7c e9 1b-8a 40 43 d5 a0 59 93 ae .{.j.|...@C..Y.. 0050 - a0 a9 6a 39 0b ba b1 1b-d5 54 24 65 c3 37 52 d1 ..j9.....T$e.7R. 0060 - 68 62 a0 63 db 1d c9 1b-78 02 80 af bc 8e 69 5d hb.c....x.....i] 0070 - 06 bc 0e 68 10 24 3c 40-87 97 51 a0 3f 17 c3 5d ...h.$<@..Q.?..] 0080 - 26 c8 28 09 9c 0c fe 3b-ff ec 78 4b 1a dc 80 0f &.(....;..xK.... 0090 - ae 7a d8 f3 3c bd f8 cc-f5 a2 2e a1 af ed bb 16 .z..<........... 00a0 - 4a a3 ec 62 72 75 8e f6-8b 2a 03 72 7f 40 66 45 J..bru...*.r.@fE 00b0 - 8b c2 4f 8a 53 78 b8 7e-f8 a1 9c a4 44 96 cb b8 ..O.Sx.~....D... 00c0 - 5e 32 6a 6b 04 c6 55 ad-8a 25 ef 36 d4 d8 23 91 ^2jk..U..%.6..#. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4099ECF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIDX7+IWiKhkO0ZtwdvMEOLoVY8PAnFjcFNJcnkeU63a5 BDDztSm5iNFz7UEJrOx17PGrmGOfezgH3nm76kipQVZQ549Gyo+Cv1A0rMPrsNDs 8WyhBgIEZ66di6IEAgIcIKQGBAQBAAAArgYCBFnXrUCzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 76436CA5A49C4F51E8C06ACDBFC3CCEC0FB2095D250189D1B38BE1D1B52BBF78 Session-ID-ctx: Resumption PSK: 821A0EEA34DEF2E88FD4890D4547D97F57787DC596B83690342453368C51B55A9FB4C11520A8DB2996480165294B90BF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9e af 8b de 65 1a eb 84-d6 5d e2 ff 45 0c 61 dd ....e....]..E.a. 0010 - 5c 63 2d b3 1d 8c d7 9e-50 47 c5 b7 bf f2 c5 f8 \c-.....PG...... 0020 - 8b 6c 99 59 ab 2d 62 9a-1e 49 e9 65 02 ed 3c f4 .l.Y.-b..I.e..<. 0030 - 62 27 d8 6a 12 86 3f d1-b7 96 c6 bc 83 75 07 02 b'.j..?......u.. 0040 - 6c 3c ca 4b 27 77 57 5e-e1 a1 58 42 ff d5 d7 22 l<.K'wW^..XB..." 0050 - b2 f7 d9 f8 62 ef c8 a8-86 1a 59 6c 97 b4 29 fd ....b.....Yl..). 0060 - de a7 64 12 9e 82 06 1a-5a 96 0a fe 00 da 08 97 ..d.....Z....... 0070 - c7 23 1e 3f 05 36 7c 02-1f e0 c7 6e bf 34 0a c9 .#.?.6|....n.4.. 0080 - b6 43 d6 87 a3 a3 08 d8-58 7c 3e ef 31 a5 60 99 .C......X|>.1.`. 0090 - 45 b4 46 b7 2b ce f1 8a-db 5e 1b 10 dd e6 e1 88 E.F.+....^...... 00a0 - d0 54 1c 3b 86 4f 03 7f-0a 71 cd 15 08 64 93 92 .T.;.O...q...d.. 00b0 - d6 ab c4 85 41 11 aa ae-98 1d 3a 05 07 6f f8 bc ....A.....:..o.. 00c0 - d1 98 22 f6 ee 1a 39 0f-b2 dc 53 59 d7 7d 5d 93 .."...9...SY.}]. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3DC24449D71924D6D444E1B4F73D49DF123917A30F3BAC26B80C28234CBC9677 Session-ID-ctx: Resumption PSK: DFDDFAE12DCDA12F9FAA8DC86C2C6BDFEFDB54CEDED069EEE880490723FFBACED8064975C24797D346F31989240586C0 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9e af 8b de 65 1a eb 84-d6 5d e2 ff 45 0c 61 dd ....e....]..E.a. 0010 - 0a 7c 2f b6 bc e2 0d 6c-4d 10 e4 42 57 ec 4e b6 .|/....lM..BW.N. 0020 - fd 4e e5 65 28 2f d2 0c-01 25 b5 4d 56 ee cd 83 .N.e(/...%.MV... 0030 - 27 95 4f 18 36 34 ad 4e-22 ec 11 5c 8b 0f 9c 40 '.O.64.N"..\...@ 0040 - 59 00 06 f8 ac 97 5f 86-39 5c dd d9 4b da 06 b2 Y....._.9\..K... 0050 - a0 0b 2c f1 dd be 5c 2c-7e a6 09 e1 a7 7f ad 88 ..,...\,~....... 0060 - 25 ec 7e ec e2 ef 68 9a-9a e9 c8 65 ea d0 c8 87 %.~...h....e.... 0070 - ed a6 0a 3c cc 96 7b 36-93 92 13 52 a0 5b 14 17 ...<..{6...R.[.. 0080 - 71 fb b0 b0 0e a1 09 a1-31 d4 70 15 31 ee d9 7a q.......1.p.1..z 0090 - bf 31 f7 48 d4 bf 28 87-de 8c 01 52 ae c9 73 75 .1.H..(....R..su 00a0 - 46 85 60 cf 65 46 f6 3b-fb fa 30 96 49 ba 69 47 F.`.eF.;..0.I.iG 00b0 - f3 c1 c6 84 6a cb bc f1-80 d8 1e 2c 93 90 1c 3d ....j......,...= 00c0 - c8 e3 28 5b 40 2a 92 64-c5 4b 24 95 33 80 e5 c5 ..([@*.d.K$.3... Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40D9FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIL3uSuL57ffuy7wn45NFVCgQUYWfrWpj00K0hLpcd143 BDDf3frhLc2hL5+qjchsLGvf79tUzt7Qae7ogEkHI/+6ztgGSXXCR5fTRvMZiSQF hsChBgIEZ66di6IEAgIcIKQGBAQBAAAArgcCBQCOxlPTswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:33 2025 GMT; NotAfter: Feb 14 01:33:33 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMzWhcNMjYwMjE0MDEzMzMzWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAAlotOgxMgd8yRCF3ne/0D/s59A8RjcOS7FrrpzCkL1Fo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFIHzQiQYYaKqA6Qu/panSO6ElqGwMB8GA1UdIwQY MBaAFM0/Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQAuEZff pYHyAJp1S/ijfS81IXnwoa0xz4Q/EQWx/pUzYKCPtIuF3mldA/gFPH4R/x6L+DdZ eOXzjpkUWEdD1aM9+RXBPUWoyO3CXq5hF5nKelg2dLmNAp7Yp1Ddj6lPnGOHTV/j 3ZNelM4ARCBo7e9xTmWf+voeXTlKQFbLGjuNEo4fwMA6Wtvt8rdc3Z9PH+ICJ29w ZNjS4kqtK6q4XwGSe1ZVD/YG2vMbmBYpNNHBaICxYKmIxWa7Iex1MG0TS86xuqaT qyU439/UMa8itmiHTP0aK3ye0tDd4hTDCYtr2glmGSNjPXtMHtYfA1KkMlTinCqC fHv4fIVDpvDOmakv -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D9E527FF8F3E2EC29994A983A91715F2AC475EC28209978F822E72A6D5BE6458 Session-ID-ctx: Resumption PSK: 754606D8EF3C5098DF6F4D8E8A3688065B9CB4865812526795B29652173B07DB04C21478781395DC5893023BCA5EBA03 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 31 4c fb 35 11 46 7e 5a-a3 56 08 cf 37 a4 bd 82 1L.5.F~Z.V..7... 0010 - 07 0f 63 d2 02 65 55 74-40 9a b4 18 60 b0 9e 07 ..c..eUt@...`... 0020 - ba 05 3f 27 00 2d e8 3f-08 f4 51 f3 54 2d 0b a4 ..?'.-.?..Q.T-.. 0030 - 84 92 0d 06 76 0c 2e 42-94 49 f3 2d 91 e4 14 24 ....v..B.I.-...$ 0040 - 1c 29 d3 87 f9 6e f4 6d-19 a0 c9 db 3c cb 69 a8 .)...n.m....<.i. 0050 - c0 4e 1b de 4c fd 2e 69-cc 90 a1 9d 97 57 c3 29 .N..L..i.....W.) 0060 - b5 f8 8c 39 4b 9d 4a 9d-5c 7d 7d 72 57 8b c7 d5 ...9K.J.\}}rW... 0070 - d9 7e 42 ad bf 21 07 52-e4 a8 68 d4 43 d0 af 49 .~B..!.R..h.C..I 0080 - 37 34 76 7d 37 7f 3e c6-c0 06 00 1c 3d e2 cd 89 74v}7.>.....=... 0090 - 17 82 a8 95 08 62 4c 02-e0 74 fa 67 cf 8d 34 ae .....bL..t.g..4. 00a0 - bf 6e d4 ab 45 a3 f4 51-7e 13 5a 94 7b d3 44 da .n..E..Q~.Z.{.D. 00b0 - ae fc 2d 17 48 2a 18 ef-38 b4 3b 0a 0e 03 9d 3a ..-.H*..8.;....: 00c0 - c1 34 50 40 4c 52 8d 99-18 cd 63 3f 2d 41 83 a2 .4P@LR....c?-A.. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7CA57062B1F8816657B98BFFCB354F2EBA7F334B6D4170D9E2395F9171BE8EA4 Session-ID-ctx: Resumption PSK: 1C3A6486BE470192A2981AB00724854F04BB2B46B49C4D924BBA5B11909C1D264DE4B58A3D283759CEAD7294F968C1CC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 31 4c fb 35 11 46 7e 5a-a3 56 08 cf 37 a4 bd 82 1L.5.F~Z.V..7... 0010 - 75 bf 80 d0 67 34 d4 d3-c1 fb 73 63 5c a7 07 23 u...g4....sc\..# 0020 - 37 a9 36 fc 8f 44 0a 99-08 f7 d1 c0 2f 4d 90 a7 7.6..D....../M.. 0030 - df 92 af cc 6c 7b ff 79-08 08 0c 3c 85 e4 f7 36 ....l{.y...<...6 0040 - 72 30 cf 60 aa 63 df dd-80 d8 9d 0e 28 a3 a5 c8 r0.`.c......(... 0050 - 2a 07 d6 8f b6 28 80 0d-5d 7c 6b d1 56 d8 a8 43 *....(..]|k.V..C 0060 - 40 a3 62 f6 00 77 f2 23-0d d4 fe 53 9c 9f 7f 62 @.b..w.#...S...b 0070 - 1d 28 2b 7b 7e c2 29 d8-9a eb aa 17 c5 95 2a b7 .(+{~.).......*. 0080 - 69 6d 5b 5b 2e 06 73 3f-0c 41 94 ce b1 5a 4e 6f im[[..s?.A...ZNo 0090 - ee d2 a8 a3 f5 f0 73 ab-cc 67 c5 5f a9 5c 04 28 ......s..g._.\.( 00a0 - b0 31 a1 f8 7d 6a 34 92-8d 86 76 d9 69 d3 d2 c4 .1..}j4...v.i... 00b0 - b2 8c ec c6 e5 8f b9 6a-68 06 bd 62 7f 29 c1 b0 .......jh..b.).. 00c0 - 67 69 cf 6c d5 66 83 32-2c da e8 d9 0c f9 c4 c5 gi.l.f.2,....... Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9EBF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEICHa6Ara2qZqtKBn6+ZmqvIMPYK87sy8Vu+jVR0L3DuO BDAcOmSGvkcBkqKYGrAHJIVPBLsrRrScTZJLulsRkJwdJk3ktYo9KDdZzq1ylPlo wcyhBgIEZ66di6IEAgIcIKQGBAQBAAAArgcCBQCZ5p+PswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:33 2025 GMT; NotAfter: Feb 14 01:33:33 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMzWhcNMjYwMjE0MDEzMzMzWjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgC8MGLLExqwKJ3YwhoCQzDqkzB0EBif2RXoFlIdhHD4lef+HrynKnyHs/MJ5axa q/9TRbXzxOsKSgCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUgcuyt7Ix qS0w9MApxoKOcB7ueV8wHwYDVR0jBBgwFoAUzT9aKCHrQBthOKKbbv0GtHQ3cxMw DQYJKoZIhvcNAQELBQADggEBAA+Yw3PPKesu/yxT2V/K6Q1HccH4b2ACUF+JpNoZ 4R3eXNOERBg1BYzYEWqF/y5GdqWsml98pt8ASFGzGMZQnpNrsSVa9A/DT+WDuyJZ Cyj7fDBOduoKwRWzHHmWC1ekeAqKGqpM9fdD0a6vMwUoIck0/Qgl9ZkKJWLl0Ie4 qvcz+TbIKCJB1W/3EyYRCoOvBqMvq8nJFS6jhq3tkERdgezM5BHD7TyhpBdfDceX yKi7eqEsR5ams5/roEr6IYNVT7DWECAmfYh7AvxRZTCdMKT4OSwhwW7HMrZA4ouW nxHKJud2D+th5iPaGtmk2abYzTfknxBFY50NKsYaWI8K/PQ= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 98D0C84E66679A8B16A344306406D25A343E28CA07D9857B1D23630D4DE26899 Session-ID-ctx: Resumption PSK: CDA70F3D3E2F41E86F33566224D4B04D044CCD60080D04DBE8D1263CD36A9FDFB3BB4D8132D07425A2A74A4D257D16BC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ba 94 87 c2 e8 b0 b9 2f-20 ee 73 e9 ac 85 ec f6 ......./ .s..... 0010 - bf 09 cd d4 42 9f 4a 1c-0f dc 4d 14 e1 0e 75 e7 ....B.J...M...u. 0020 - 0f 47 c6 23 01 16 b1 da-91 47 a8 4a d5 49 09 08 .G.#.....G.J.I.. 0030 - 87 37 b7 44 7c 01 a9 29-3c b3 21 25 ba 54 04 48 .7.D|..)<.!%.T.H 0040 - 21 cf 47 8a 12 e7 b9 8a-a7 6c 79 15 f4 b5 a8 94 !.G......ly..... 0050 - d6 5e 88 5f 14 d4 4b 6c-cf b1 12 8b 73 ab 74 0e .^._..Kl....s.t. 0060 - a9 73 ae e4 35 50 d3 e4-cb cf 49 8a 91 3b 18 8c .s..5P....I..;.. 0070 - 05 81 43 c0 56 45 66 da-e7 da b5 f7 e5 33 d4 99 ..C.VEf......3.. 0080 - ac 6b 54 4b 81 3d 55 e7-ee b3 c0 0a 6f d0 bd 06 .kTK.=U.....o... 0090 - 9d df b5 4b cf 22 9d c2-c6 d4 a0 b8 fc bd e7 22 ...K."........." 00a0 - 08 e5 43 a2 4f 36 3a 21-58 38 cc c4 70 48 14 8c ..C.O6:!X8..pH.. 00b0 - 53 0e ff 1f 5d cb 0d 7e-3b e9 3d 4b 65 d2 92 62 S...]..~;.=Ke..b 00c0 - d2 47 ee 2d da cc 83 2a-42 72 cd a4 74 31 7b cc .G.-...*Br..t1{. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 858448E8D38B0403FF4F46808A5743F06AE3957851187489B757D94E970A0B3C Session-ID-ctx: Resumption PSK: 43DFE604A4B6428A929E140F621EDA9AD83EA5C14773F069A531A5C40FAE63FF3ECF048A74BBA17E4ECBEB1A77C5ECA0 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ba 94 87 c2 e8 b0 b9 2f-20 ee 73 e9 ac 85 ec f6 ......./ .s..... 0010 - 60 85 0b 36 c4 87 df 19-45 57 10 8f a3 c5 44 0f `..6....EW....D. 0020 - ce 57 4d 6b 71 b5 38 0e-15 9d 2d 6f 2c 70 65 8f .WMkq.8...-o,pe. 0030 - ef 1a 59 21 fe dd d2 1e-1f 80 d4 2a 5b 96 33 50 ..Y!.......*[.3P 0040 - 95 ed f9 e3 c2 1c 39 20-c7 29 10 fb 25 7f f1 27 ......9 .)..%..' 0050 - fd 66 c9 8b c8 ef 66 d5-01 76 bb 5e e4 4f 8c bd .f....f..v.^.O.. 0060 - 68 76 4f 71 95 e2 25 6b-06 2a 91 52 3a b7 2d 7a hvOq..%k.*.R:.-z 0070 - 1e 5c 3d 69 af 48 bb ea-4e a9 35 c5 b9 11 40 46 .\=i.H..N.5...@F 0080 - 50 b6 a3 4e 5a 35 d9 07-2c bf d8 e7 48 5e aa 52 P..NZ5..,...H^.R 0090 - 0f 50 58 da 5c d4 2a 1a-b6 3a 84 74 51 76 86 18 .PX.\.*..:.tQv.. 00a0 - 32 6e 9b aa b1 17 b5 3d-eb 2d 21 f4 8b 49 98 57 2n.....=.-!..I.W 00b0 - dc 41 33 e0 e2 ac fd 05-f2 ba 55 7a 0b bc 86 56 .A3.......Uz...V 00c0 - d1 f4 9d e6 f8 a2 29 a7-ed 1f 7c d5 05 3a bf 52 ......)...|..:.R Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9EBF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIIvkUR+WmlJxO87saBkfRHF8+VkjMxQ0Zcjw4qLxTP2P BDBD3+YEpLZCipKeFA9iHtqa2D6lwUdz8GmlMaXED65j/z7PBIp0u6F+TsvrGnfF 7KChBgIEZ66di6IEAgIcIKQGBAQBAAAArgYCBGaMKwWzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 9B951694FF9681F4BB9B2A71CBD4CBCF5984B4091E4CC55F7E5804871E3CFCCB Session-ID-ctx: Master-Key: CA9984552F45B1C549E412D90C9EB2AD4109348A9B1BF15305CCF627D3E8E66763EE78EB9A83211DDC3AD71B8B74233E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 66 72 45 88 57 ed 92 b9-05 74 77 d0 44 0c f9 0b frE.W....tw.D... 0010 - 4e 2c 93 22 2a 9c 58 4d-7e ad 28 3a 53 c4 c8 55 N,."*.XM~.(:S..U 0020 - 61 20 08 b8 ce d4 b1 83-ee 12 59 f7 67 45 d6 be a ........Y.gE.. 0030 - 0b e7 27 b9 dc cb c5 b0-11 91 4f cc 2a 75 39 20 ..'.......O.*u9 0040 - 8b 8a 0a 72 41 ca 72 1b-ea 02 a3 8a 02 3e 5f 32 ...rA.r......>_2 0050 - 90 0f 01 af 83 db f9 28-1a 62 69 09 a7 51 f5 20 .......(.bi..Q. 0060 - 27 7a be 34 97 89 b2 8e-79 41 01 7e 46 76 d3 0b 'z.4....yA.~Fv.. 0070 - cf 63 31 36 17 0a cf 31-7d 71 31 1a c7 cd 67 81 .c16...1}q1...g. 0080 - f4 a1 ce 07 e1 0f c6 38-20 2e f9 53 00 63 31 c7 .......8 ..S.c1. 0090 - b5 24 1b 8d 44 54 f2 37-12 2e 01 c6 ed 04 e6 23 .$..DT.7.......# 00a0 - a1 36 04 d7 1f 8b 2c c1-9b c7 ec 81 09 77 75 d5 .6....,......wu. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40F9EFF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDDKmYRVL0WxxUnkEtkMnrKtQQk0ipsb8VMFzPYn0+jm Z2PueOuagyEd3DrXG4t0Iz6hBgIEZ66di6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 579442BED17AD3868045D17AEFAE1693115AF5C9DF209D72917F8B1AE69D5629 Session-ID-ctx: Resumption PSK: EFD4E0ABB94D4496737D023973E05DDE82E9A1EEECBDD6AD8078E4D98B90A5A394018D02E98AE5B04D7DCCF469915E2C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 7e e0 df 7b dd cf 15 1b-ae 76 6a 99 e8 d7 24 e0 ~..{.....vj...$. 0010 - 27 b4 8c 6b ab 57 0e e9-29 09 87 08 23 32 70 9f '..k.W..)...#2p. 0020 - e0 27 b6 dc 03 7b b9 1c-8a b8 fe ef f1 2e 39 75 .'...{........9u 0030 - 42 a2 9e cc 9a 3a 74 83-e8 37 de 6a 3d c3 7a 36 B....:t..7.j=.z6 0040 - 2e d2 86 57 77 a1 e9 e0-d5 33 40 8b cb 00 39 7f ...Ww....3@...9. 0050 - b2 b8 1a f5 67 c5 05 66-0f 2d 95 e1 f3 d0 22 2f ....g..f.-...."/ 0060 - 2c ab fd 12 a7 bf 46 1a-61 8a 25 0c bc 98 d9 fe ,.....F.a.%..... 0070 - 03 e8 6b 40 5c 0e af 66-a6 d6 87 e6 c9 8c 8e 18 ..k@\..f........ 0080 - 9b 5d 6f 0a 60 bf d0 0d-7f c6 76 fb f5 00 84 ff .]o.`.....v..... 0090 - ac 01 6b ec f1 f3 f7 fe-fb 89 93 66 ab ed ca 51 ..k........f...Q 00a0 - 31 99 58 6c f5 9b d2 be-e0 9f d3 92 1e f7 ad 85 1.Xl............ 00b0 - 38 a6 51 c0 f1 48 6c 3e-e2 18 c0 42 06 18 8a 6a 8.Q..Hl>...B...j 00c0 - 18 0c cf a6 a8 e8 06 2d-bc da 21 14 53 f5 3c de .......-..!.S.<. Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C75DC18AB9994134111E3CC608CA7561C3EFF84662AD8B70D1BFA4AA055B25D3 Session-ID-ctx: Resumption PSK: 4426878E19B6277918F725F8DED8280B74FBC6206B32C238ACE04A70138638F4C76C98FB36975C306A0F27388F7860FE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 7e e0 df 7b dd cf 15 1b-ae 76 6a 99 e8 d7 24 e0 ~..{.....vj...$. 0010 - 4d be 16 28 64 9c 41 cf-08 27 6b f5 56 b7 af 94 M..(d.A..'k.V... 0020 - 24 8f 1f 36 37 e1 b2 65-c2 42 96 f4 51 b8 c7 68 $..67..e.B..Q..h 0030 - 37 aa a8 a8 e5 3c 43 07-ee 43 54 20 35 ad 85 67 7....e_|UUyi... 00b0 - 10 51 8b c0 bc 29 25 93-b1 40 cd 9c 1f 99 bd 63 .Q...)%..@.....c 00c0 - a9 1e 2b 0d 4f 04 5b 9f-63 e1 b5 fb 3a 94 c9 02 ..+.O.[.c...:... Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009FCF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIKEVKMIx8NZyuo4VuA4o+nXFdchT2n7qll0dCg3fqi+6 BDBEJoeOGbYneRj3Jfje2CgLdPvGIGsywjis4EpwE4Y49MdsmPs2l1wwag8nOI94 YP6hBgIEZ66di6IEAgIcIKQGBAQBAAAArgcCBQD/npA8swMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1087 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 729F33A261E94F99C17FDAA3D7B6FC487635DEB6E6E30371A045B66549BF077C Session-ID-ctx: Master-Key: 40065B054D0A4358BA048CA0AF515BF1050B584A0D7A24CCA6715A5DD063BFDC312AE68DF429B90958C03C74A4CC89B1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 41 21 03 9c ae 38 55 47-75 53 94 60 04 9c 86 36 A!...8UGuS.`...6 0010 - 99 79 9e bf 79 94 bf d4-76 92 30 cf 79 a0 78 c9 .y..y...v.0.y.x. 0020 - 94 53 42 08 d0 e6 7b ca-4d b3 5f 0c 97 e1 63 d0 .SB...{.M._...c. 0030 - 99 4c a8 c3 62 f2 33 c9-26 a6 89 a8 cb cc 22 ba .L..b.3.&.....". 0040 - 9e 5d 45 30 f3 ac af 7b-c3 1b 6e 15 73 66 67 df .]E0...{..n.sfg. 0050 - 45 7f 77 64 b0 e3 84 15-dd bc 55 5d 32 e3 b7 82 E.wd......U]2... 0060 - 19 39 db 80 40 06 6c aa-f8 73 53 2b 58 dc 5f 3a .9..@.l..sS+X._: 0070 - 03 83 66 f6 a4 85 ba 2d-cb 92 cd 0b c9 6f 5b dc ..f....-.....o[. 0080 - 6f e5 a4 dc e3 eb 48 6c-83 ba cd 16 5d af 66 4b o.....Hl....].fK 0090 - bd df 41 16 08 27 90 3d-ce 8e a7 bf ab 6b fb 91 ..A..'.=.....k.. 00a0 - 47 ee b0 85 52 35 05 f6-20 66 22 01 f9 29 ce 2d G...R5.. f"..).- Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4059F0F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDBABlsFTQpDWLoEjKCvUVvxBQtYSg16JMymcVpd0GO/ 3DEq5o30KbkJWMA8dKTMibGhBgIEZ66di6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1120 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 3C6232EF860582634FC7A9B8E6497CFD155C3E70D7CB78E3F177D0E9BC83059C Session-ID-ctx: Master-Key: CA0A287677F34CBD543887BF2BD3FB746AA13F1A98DE9DA11E788486ACCE34A36A3FD64368B11E5BF236D97E67EDA96A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 89 68 9b 43 b8 38 27 14-4a 1a fe db dc f7 13 00 .h.C.8'.J....... 0010 - 9f 84 45 84 d7 c7 e4 33-38 05 50 7f d7 42 81 0d ..E....38.P..B.. 0020 - 85 c5 66 90 f5 3c 83 c8-a7 39 14 24 be 5c 02 88 ..f..<...9.$.\.. 0030 - cc c9 78 ce 59 82 58 a6-99 dd 09 bc ed f6 a7 05 ..x.Y.X......... 0040 - b1 09 7a 0e f4 83 25 44-ea 07 fc c0 89 2c a8 a9 ..z...%D.....,.. 0050 - bf bc ad bf 72 b7 35 fd-bc e3 e7 80 e4 ba 6a 41 ....r.5.......jA 0060 - 94 84 c8 b6 d7 6e 91 39-06 0d 86 2e 83 a5 ab 9f .....n.9........ 0070 - 79 4a c8 f4 dd 53 d6 32-8b 11 e0 c0 8c e8 f9 e7 yJ...S.2........ 0080 - 7c 2d 79 74 be c0 12 44-a2 4c 93 96 ee ff 7d a6 |-yt...D.L....}. 0090 - e9 2f 61 e7 4d 15 a9 59-3b 8b 9e c6 7a 14 25 da ./a.M..Y;...z.%. 00a0 - d4 71 b9 7d d6 22 9b 0e-10 5c 5e ea 0e 8d 37 32 .q.}."...\^...72 Start Time: 1739496843 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4059F2F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDDKCih2d/NMvVQ4h78r0/t0aqE/GpjenaEeeISGrM40 o2o/1kNosR5b8jbZfmftqWqhBgIEZ66di6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1061 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4CF70E01DA19AB359F174F1696C20E32AA0646290AF0AC672CE4DB50FF0E1D92 Session-ID-ctx: Resumption PSK: BB0EBBF682BEFD2FE3AB7662EF12FE7072FA6B52C1FBD845D7E278B7924696A56F8384B5EBA6A0C5467540CB16845771 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef 3a 24 05 4f 3f 73 68-dd 3a 50 b4 c0 ee 04 5f .:$.O?sh.:P...._ 0010 - 99 2b b6 4e 6f 72 6f db-c8 fb 15 cb 52 ed b8 25 .+.Noro.....R..% 0020 - 7a a7 9c 32 f7 0d e9 dc-66 bb 23 b7 df 0b ba e8 z..2....f.#..... 0030 - cb ac 5b e0 39 c3 84 ad-49 3e 12 f2 fc 6f 0c ed ..[.9...I>...o.. 0040 - 9c 8a f0 34 13 88 f6 60-6e f9 50 28 14 a0 6b 01 ...4...`n.P(..k. 0050 - bc 6e d7 97 f3 a1 cd 51-35 dc b5 fc 27 b5 a6 b9 .n.....Q5...'... 0060 - 38 1a 60 04 b4 1f 37 bd-f9 03 4c ef 26 89 fb 3f 8.`...7...L.&..? 0070 - d2 4a 16 ab 0d 1e 97 be-7a ee cd d1 31 ce 1f f3 .J......z...1... 0080 - 3a af b1 39 0d 29 58 54-27 6e 03 4f 19 87 36 9a :..9.)XT'n.O..6. 0090 - b2 c5 ac fd 92 bb 70 ce-fd 15 46 44 c4 2f 9f e6 ......p...FD./.. 00a0 - 20 43 76 e4 95 db b1 06-2a 09 bf 69 eb 91 e3 97 Cv.....*..i.... 00b0 - 8f d5 50 e1 2e e2 41 5d-ed 76 f7 d5 b5 92 33 7b ..P...A].v....3{ 00c0 - b1 a7 43 da 7c d5 9e b9-78 52 d9 1d 7d 60 d0 67 ..C.|...xR..}`.g Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 987B8C9788C309C3453EB517AB0E52C3874009EAC763D97672BBEA74A9472B59 Session-ID-ctx: Resumption PSK: 00924DFD31A548C9E533216738BDC43EC66BE1AF5D45454857E8AC3128B36D2B3BEAE263D47A61D20445CB1406B4B32A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef 3a 24 05 4f 3f 73 68-dd 3a 50 b4 c0 ee 04 5f .:$.O?sh.:P...._ 0010 - 50 a2 3b fd 63 2f 09 c9-2e a3 a3 a0 26 3b 87 36 P.;.c/......&;.6 0020 - db 13 70 96 08 08 13 25-ce 6a 6f 60 e6 bd 62 8d ..p....%.jo`..b. 0030 - 4c ab 95 ba 20 f6 9b 7d-8f 01 ba 1c fb 2c 37 b8 L... ..}.....,7. 0040 - 53 55 b8 43 6a 7d f9 48-5d e5 ac 65 97 0c 10 cc SU.Cj}.H]..e.... 0050 - ab cd 3f 89 68 7d 6d db-41 a1 a2 07 58 a8 63 c1 ..?.h}m.A...X.c. 0060 - 27 2f 23 0e e7 91 1a 1a-84 5c 61 54 61 9d cc 5b '/#......\aTa..[ 0070 - ca 8e da 63 2a c1 62 f6-85 ae d0 65 e4 03 ff f7 ...c*.b....e.... 0080 - d7 bb 9f 9a 16 dc 35 da-c6 db d6 72 04 23 55 c1 ......5....r.#U. 0090 - 1c d3 3d 60 6f 94 47 c7-5b 7c 5b 2f e2 0d 77 ef ..=`o.G.[|[/..w. 00a0 - 24 90 c5 a8 c1 2f 3d a3-22 c7 0d 4f e3 a4 a7 3f $..../=."..O...? 00b0 - d3 de ca d7 ad b8 19 ef-1b f6 69 07 92 a3 50 aa ..........i...P. 00c0 - a4 dc a2 4c dd 40 d4 07-59 52 d1 63 c0 6a cb 45 ...L.@..YR.c.j.E Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40D9ECF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIBT5A3rbb3DCbwu0wTZkoOflFbKsGEOlX/rSB/mX84S4 BDAAkk39MaVIyeUzIWc4vcQ+xmvhr11FRUhX6KwxKLNtKzvq4mPUemHSBEXLFAa0 syqhBgIEZ66djKIEAgIcIKQGBAQBAAAArgcCBQC+KIJ7swMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0F418EC096A6CE1970BAC693CA48E307B1FC159BF4F01ED018FC14580B0153F5 Session-ID-ctx: Resumption PSK: 40EB3B7EE9AB45380E191C852EA25040899CE5E6DC2C444E247A6EAA9C783DFB95445DF3EAEE168CB97EAF0EA96A22A8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 55 6d 65 f4 a2 ae 29 f9-d6 42 b6 4c 8a f1 eb 31 Ume...)..B.L...1 0010 - 5c ec fc c9 b0 09 1e 8b-2c 1c 0b 09 21 e5 32 09 \.......,...!.2. 0020 - 1c e1 7f 21 ef 27 a8 49-13 bc ce 28 5c 84 57 17 ...!.'.I...(\.W. 0030 - f5 20 34 0e c7 e4 a7 95-14 13 e1 92 ec 51 2d b9 . 4..........Q-. 0040 - 41 40 e3 95 24 5a 99 5b-fd 81 a9 1c 18 97 c6 93 A@..$Z.[........ 0050 - 95 0f fc cc a6 02 09 18-bf d6 9a 98 21 35 35 5c ............!55\ 0060 - 14 ef d8 26 65 10 41 b9-15 74 6b 9a b7 f2 79 04 ...&e.A..tk...y. 0070 - 5a 43 62 7d 43 82 04 23-95 db 8b ea d2 3c f5 67 ZCb}C..#.....<.g 0080 - 31 05 79 90 ea b3 3f f9-10 f2 84 f1 f6 22 ef fa 1.y...?......".. 0090 - fd 5d d5 a4 50 92 44 cc-1d 79 90 4f 96 3c c3 61 .]..P.D..y.O.<.a 00a0 - 40 1c e8 3c 25 9c a6 de-ac 32 fc 31 d4 1f 75 24 @..<%....2.1..u$ 00b0 - db be f6 e0 b4 9e ce 36-65 e3 98 01 40 d6 0a ce .......6e...@... 00c0 - e0 42 49 7d f4 42 04 8e-eb 75 66 a9 09 3f b1 12 .BI}.B...uf..?.. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2667A25BD4B779AE5E1C02DF56C191625C4E706EB9A86B53B838B6954F869DCC Session-ID-ctx: Resumption PSK: D684928607DD3ABBCFCF5A515AA4E1A4E5942D8BF73A3DADB0DF37531C24DEB17B528B3EDB02F482BED58968D3C08F04 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 55 6d 65 f4 a2 ae 29 f9-d6 42 b6 4c 8a f1 eb 31 Ume...)..B.L...1 0010 - 24 a8 fa d5 1c 36 59 99-a0 53 e8 f6 bb f7 0f fb $....6Y..S...... 0020 - 46 59 40 91 14 ef 64 7a-4e 2f db 9a 9c 38 07 ce FY@...dzN/...8.. 0030 - 25 12 b9 bd 07 18 16 eb-83 a9 4d ff cf a3 4a 2b %.........M...J+ 0040 - ee bf 71 36 c7 3a 50 20-a1 09 20 13 1c e4 fa c1 ..q6.:P .. ..... 0050 - 27 b6 fd 02 a2 b8 c6 1b-74 ce 8e b0 14 a7 dd 93 '.......t....... 0060 - b6 3a 85 4b b2 1f 7b 46-ea ea 26 ff c2 59 2e c5 .:.K..{F..&..Y.. 0070 - 43 b3 87 d3 e6 43 ed 3c-5f 46 8a 10 db 22 ab b5 C....C.<_F...".. 0080 - 88 3d 0c 7a ed 61 ec 3f-f4 6c 82 cc ea 0c d7 66 .=.z.a.?.l.....f 0090 - 54 74 89 53 7e 2f d8 09-02 0d de 74 53 19 ad 49 Tt.S~/.....tS..I 00a0 - fc a1 97 9d 69 ab d5 f0-5f 26 8a a2 2b 13 23 f1 ....i..._&..+.#. 00b0 - c1 25 78 42 55 2c 5c 8f-3d 3b a0 25 48 f6 67 31 .%xBU,\.=;.%H.g1 00c0 - 7c 46 27 24 78 e0 6e 48-cf d5 f1 d1 31 94 82 c5 |F'$x.nH....1... Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4079F5F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIPW8bAU/GW6LmJOrRkyc8rnvh9StbkV7WBJ6KGnu8MP7 BDDWhJKGB906u8/PWlFapOGk5ZQti/c6Pa2w3zdTHCTesXtSiz7bAvSCvtWJaNPA jwShBgIEZ66djKIEAgIcIKQGBAQBAAAArgYCBFw4UZWzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 14 01:34:04 2025 GMT; NotAfter: Mar 16 01:34:04 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUZx9Ad5CEkJkphEkHQHUj88AKNXAwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE0MDEzNDA0WhcNMjUwMzE2MDEzNDA0WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQD1xgJxtEpH55fbsYtF bo+z71MgtyadruRmicffXoB3ueJEKvNe6dS5Up4Sn5VVa1eJ8agjV6fSPYzgRduC cCbO4zGOhs0zotERhRPh05P42w63bCCIZI2hmvPtv9AV/ynmGriS2/2wa37hWDcy tm63IJq9vi+Dfw41sTjVjvDzsGKtmKZ6Lhxn5kuqe4qWS4wkMFtSTG1+t//XfYFP Ix0seY42O9VjyAJlG2CrM3szPxl7qMS4H5ftCPUsSH0sWL4LehLXNZuesi361jKA UNs8tHLjKPjZTybc/t7hp0kE+n1S0a57zeG5YQrGJ9oRbJtRXrDguWUSSel2pmg+ YYK/AgMBAAGjaTBnMB0GA1UdDgQWBBRKuwXGai9N8tMALO5PfqGJpCZtEDAfBgNV HSMEGDAWgBRKuwXGai9N8tMALO5PfqGJpCZtEDAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAJDl3MwcmIM/R S21/f4Cy6VexKVJdT75B3/2L/2at1VEXqJZ7BcXrq5cPVUA1rJLTcQtaD5Pp69DR vN+SWcv67+guqDJAv/DfjQxRCjTVmlrMK0igMr4DK572Iu0v9iubCOxZC76yvKMV OGT6+UmzQnDgHrUoNk5gF9ElLXse2tMKRILzb3HJ4Y0ac663B014G7qtKylwnWuL OYlt9GBiQRoJkohBckUaZXsMMPswGHultWS1Ba1BZj6yhRjI9pcUyvRhtpl1E0XC d0Pdi4wFhol0teMbpnHR1bAgbhnHuhPcZKmFjR9u7aOi0+H8FRutoeaBudcSIvO/ 2ogYtjz3SA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D535EA8B8EF9DFE16E976FA9E9A209599C097570CB37806AD7F911C16B90E0A3 Session-ID-ctx: Resumption PSK: 9D672ECBB69C0E519AA5F88D528D61A93D0C6FF0D2C9CF543969DA2A9FD88DA2AAEC86DCDBE8ED6B97B8D36D027A7F02 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a6 b4 05 b4 37 1e 9f 76-2a 9b a1 71 a7 3c bf 55 ....7..v*..q.<.U 0010 - 13 34 a3 14 91 26 46 cc-f8 d2 26 2e 9d 71 63 64 .4...&F...&..qcd 0020 - ee c0 4b 31 99 2a 06 bf-f3 f7 94 b8 68 43 09 d8 ..K1.*......hC.. 0030 - d4 9a a0 b3 eb ec 07 b2-c8 f5 19 22 2b ce 78 96 ..........."+.x. 0040 - e5 53 fa 6e dd b1 8e 1c-82 b6 64 81 ab ed e5 c3 .S.n......d..... 0050 - fb 89 00 e6 a8 65 bb 7c-40 37 c5 fc 11 ea 08 92 .....e.|@7...... 0060 - c0 79 8a 51 a4 49 8d 3b-38 0a fb 14 a4 9e bb e7 .y.Q.I.;8....... 0070 - 35 b6 a5 f0 51 c9 f6 7a-92 da 2c 30 69 e3 80 72 5...Q..z..,0i..r 0080 - 44 9b 41 a1 ad 40 6b c6-4b 2a cb 84 d3 84 3e a8 D.A..@k.K*....>. 0090 - 3d 46 45 b4 3d 1e ce 79-5b 74 cf 4d 93 90 d5 41 =FE.=..y[t.M...A 00a0 - 20 dd e0 7e 56 68 4e c2-d5 fc ac 88 9f 77 7d 52 ..~VhN......w}R 00b0 - a8 eb 71 b8 19 26 64 45-fd c1 02 ea bb c4 69 8e ..q..&dE......i. 00c0 - 21 31 0c b1 77 b2 39 61-94 90 c0 c0 03 d4 74 f6 !1..w.9a......t. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8EB578EB2668DEC4B65637387739138EB4E8E49F8F23A490C52940BBFE85E298 Session-ID-ctx: Resumption PSK: 3F4975019ECF1863D53F3F5E9C5F8B51D85E3D8A4EF8818658ECB74931FAD6489AFE15539CB8E86B27A03E4AE269FC7E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a6 b4 05 b4 37 1e 9f 76-2a 9b a1 71 a7 3c bf 55 ....7..v*..q.<.U 0010 - 21 6c 68 f1 4f 34 a2 b5-59 18 e7 e3 ce c8 fc ad !lh.O4..Y....... 0020 - 2c 2b e9 64 70 c3 63 9c-9a cb cb 67 81 ad d1 2b ,+.dp.c....g...+ 0030 - 3b 52 fe 4b 22 bf 91 d8-40 a4 ec 78 6e ae 01 d5 ;R.K"...@..xn... 0040 - 58 c4 dc 6c 2f 73 c1 06-99 64 90 01 d0 61 1d 97 X..l/s...d...a.. 0050 - dd 95 da ac c2 e9 b1 c5-c8 77 a4 b0 ac 42 0b c8 .........w...B.. 0060 - f2 5f 9c 63 bd b8 b4 48-84 20 fe f5 9c c3 d8 55 ._.c...H. .....U 0070 - f7 7a ee ee 5f c2 c8 8f-fe c6 ce ab f0 44 32 df .z.._........D2. 0080 - 9a 28 ba aa da 19 e9 75-01 41 77 b5 ad 1f 44 fd .(.....u.Aw...D. 0090 - 4c b9 37 c5 ca 54 c5 fa-22 27 ae 18 51 bf 35 fd L.7..T.."'..Q.5. 00a0 - 9d fa a3 56 10 73 02 32-ec 41 f0 b1 f3 4c cd 02 ...V.s.2.A...L.. 00b0 - 84 ef f9 a5 e6 30 c5 a8-db 97 50 5c c2 62 59 f1 .....0....P\.bY. 00c0 - 5f 2b 7a c0 e8 73 68 9d-78 6f 99 ec e0 20 57 fe _+z..sh.xo... W. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9F0F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIFkP4K9+wMMhpiVpAjNXE3BPWDE8/UdLZu5Ay24q8jNH BDA/SXUBns8YY9U/P16cX4tR2F49ik74gYZY7LdJMfrWSJr+FVOcuOhrJ6A+SuJp /H6hBgIEZ66djKIEAgIcIKQGBAQBAAAArgcCBQCZ45RLswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 14 01:34:04 2025 GMT; NotAfter: Mar 16 01:34:04 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUcwI8HOpPf81MDIA7qrRFk69A8d4wPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE0MDEzNDA0WhcNMjUwMzE2MDEzNDA0WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwxaMyjAbSqkgWMsVDrr VjCLkdu5u5mVsEhygPW0zd7L15avqiyBGSs4BenW2SI94UOP5xZlXzzX4qTR4gBN sfLAJ1KKk1VexUa1BTTY9qDqUNlKkugCTYnaiwGZnIDbXKDnm8xUr2WHGzb6CQC/ D1hJVKJ0RJaHx+ePKey3whimjY5KJvs7dc5exkTQJZho/b+qFnRUItG9wGzvbqH5 ugTSvSWVZAHKui0GWxPCp+LvU87dFyf3UiJtZy5SQOxJFs6aEmTbybh+oGWQSjjy DZ1RlOBwKVPKbzTuDU55p5tXERSBGjP6oCzEH1XBBcjmxA4gGtFe7CJz0oY1K/s2 HoqsL5idBJqmyN1mSBqOsbWyaU2yPwRBxpltbZiAcEN0v+IF7tZhFn8NIsgye2gc vS/4RNerWqLn0BoN4FSWfCSex0xGOdNif59krklVnfyjx3VTYHKkq4qvkDUi4n3L hASJM76ueeuzptE/OV25SO0xW6IuS4L5k96ZWDEBjtt/G9TTmQIDAQABo2kwZzAd BgNVHQ4EFgQUttjbz8HhS6EHBt7wJIuRK3s1FwwwHwYDVR0jBBgwFoAUttjbz8Hh S6EHBt7wJIuRK3s1FwwwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAUiRVx+5Dyl10VHVDaRQNJ/BIY/wpuj B17KGpBJEIptmuYtNlSy3xLzXxQ80hldS9bqOKnCEtSbErT2iK2JM0o3WMhAd6fw wMX4IiSPsBc5u9DaBOUr7U6HgoQVLRD/9ZnMAHhS2ineDPxSzwh5Bb1w5zD/J63Z aE36TOWiRtA10gJmE2KJ8jCfbUWf1H/WgZKm+asLXTic5wiepVLtZOaXKOK+qUoG QUwyTFab4K8+HLuiDY4JZbYuPWqNIcRbfp/pjbU6QwIPNy992wgFti8abt8vc2+6 vszAHtWKYMAflO+zcvSXBecENGB5wBcPmQ1wgy8Vl5f9V9WixEf1w+Fnxfb/Pxwq 0R+ltr6KFjy+mB2H41lxpEx+ffT4ehDbOV5V9gZopj6Twh6UNEj9d6RhjDzbBKBd 7pfJtEdzGl4Cgy2hXvloqxum1SeCm36yXn77z8p3E34I0ZbZ5HWP9f8UssagoaUA Pw6W8nef7VJQHdJtSvYjnK839odMHNP1YUy8tQ== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 61DD01763DF7CF1530287E629FC63FB1F12EE0DEDD488ACD7D170F7188D371A5 Session-ID-ctx: Resumption PSK: 1020789C057D8157B1859A6C4035D36BFE5699F4138B03804B09567781970907BB81155521A460B956306147C43C9B77 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b3 d6 7c 6c e9 79 78 e9-82 97 7c b7 fc 99 59 a9 ..|l.yx...|...Y. 0010 - c5 3a ca b8 6d 77 9b 3d-d3 94 4e cf 11 a2 bf f6 .:..mw.=..N..... 0020 - 27 ee 20 df 97 d4 31 31-14 d2 df 86 a3 d4 6b 95 '. ...11......k. 0030 - 99 d3 16 e0 8f 97 22 85-58 2b f7 a0 01 83 a8 02 ......".X+...... 0040 - 97 26 71 79 73 48 48 0a-8f 6d ac 5a 5f 25 66 e8 .&qysHH..m.Z_%f. 0050 - 30 98 dd 02 b4 89 fe 48-d6 f5 28 ee ef 67 c2 2a 0......H..(..g.* 0060 - 86 36 49 90 84 dc 99 ce-09 7f fb ba 2e a3 28 06 .6I...........(. 0070 - a4 9f 65 94 35 c4 66 fd-87 fc 48 c0 41 0b 85 34 ..e.5.f...H.A..4 0080 - 4a e4 c1 33 e8 42 72 26-b9 14 82 71 94 8b 57 40 J..3.Br&...q..W@ 0090 - 29 9b ef 2e 72 27 55 3f-ed 26 0b 72 46 17 fe 5a )...r'U?.&.rF..Z 00a0 - 39 b3 b2 e0 e7 9a 8d 26-e9 21 6f 47 f4 fe 2f dc 9......&.!oG../. 00b0 - 28 65 bb e5 2c 61 e9 4d-11 9a c8 a4 f7 88 eb 1e (e..,a.M........ 00c0 - 2b e6 e7 52 98 dd 8a 1a-66 62 e0 67 c5 44 26 85 +..R....fb.g.D&. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 349E4920DACE3A7344B153B9C47EE6697043C880E3165C7A0A1D8A1A86D29914 Session-ID-ctx: Resumption PSK: DA920F04B67B234FF781696E02C9A3F11611D4C2ED4874FDE69FAE6253290CE688084C39D26AF8BD51C162722AA2E36C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b3 d6 7c 6c e9 79 78 e9-82 97 7c b7 fc 99 59 a9 ..|l.yx...|...Y. 0010 - 53 0c 78 d8 08 e8 44 b5-10 0e 06 bf d9 15 39 79 S.x...D.......9y 0020 - 55 19 23 d6 53 44 8f f5-99 45 f1 f9 19 86 cf 6a U.#.SD...E.....j 0030 - 16 87 d0 eb 60 b7 d2 37-55 00 78 75 c5 a0 8c a1 ....`..7U.xu.... 0040 - e3 4d 1f 78 cc 42 64 6b-80 d5 a2 0b e5 a9 36 24 .M.x.Bdk......6$ 0050 - 1a a2 73 6c c0 4c 73 69-57 56 48 b3 bc f7 fb e7 ..sl.LsiWVH..... 0060 - 3e 0b e0 21 0f 9d 8d b8-43 88 7c 91 7a d8 8c 8f >..!....C.|.z... 0070 - fd ec f7 b6 7d cb 11 00-39 fa db 34 ec b3 79 c8 ....}...9..4..y. 0080 - 73 68 1e 29 f1 ac ab cc-ec 3a db 43 08 3d 26 37 sh.).....:.C.=&7 0090 - 51 16 50 f9 38 37 44 be-62 d9 f3 0b b8 15 15 2a Q.P.87D.b......* 00a0 - 88 5f 74 95 cf 17 1f 91-16 c4 34 9f 62 cd 66 46 ._t.......4.b.fF 00b0 - 03 7f a7 9a 5b 2a 6f df-99 72 66 9d 70 2e a7 42 ....[*o..rf.p..B 00c0 - 97 41 47 88 29 fd 2d 63-6a ec c7 ff 93 55 d3 b1 .AG.).-cj....U.. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4059F3F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIDk/BG1QTjFyTLO49TU6bgQ2fvuYWdZBlufosl3A6hm3 BDDakg8EtnsjT/eBaW4CyaPxFhHUwu1IdP3mn65iUykM5ogITDnSavi9UcFiciqi 42yhBgIEZ66djKIEAgIcIKQGBAQBAAAArgYCBE0/eQOzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 334AE0B16600F7C5713B7272281727A63D0B1051043E52A7F2B66E69EA4B8627 Session-ID-ctx: Resumption PSK: 64F182247F855A82D4070AC26CF0C64C7AC7ECCB4D2E56CC048D8B6DE7CBD643354FA085932D4B48D6DBC1871C01614C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f8 cb 5b 60 60 eb b3 85-6d d8 2f ab ce 3d e1 aa ..[``...m./..=.. 0010 - 80 78 f0 04 65 4d 2d f2-80 ab 00 4a a9 06 63 49 .x..eM-....J..cI 0020 - 47 a9 0f 2a d0 22 bf 25-7e a3 5b eb 51 23 a1 c9 G..*.".%~.[.Q#.. 0030 - cb 3f ea d9 dc 11 f3 d3-5a bd 47 a9 76 14 89 1e .?......Z.G.v... 0040 - 6d 62 44 58 84 25 67 2e-66 49 c3 68 fb 86 b8 ad mbDX.%g.fI.h.... 0050 - 8e 68 df 5f 8e 0c 89 eb-66 d1 3b 07 f9 25 12 17 .h._....f.;..%.. 0060 - 90 9c 19 97 93 f3 0b 4a-2a 00 4d c9 e7 df 4b d5 .......J*.M...K. 0070 - 70 a6 c9 20 16 2d be 06-9c a7 7f fa be 3e 0c 6e p.. .-.......>.n 0080 - eb 9f e6 e9 95 b7 66 a2-b6 d5 55 9a c8 6f c7 0f ......f...U..o.. 0090 - 87 da 9f de 39 55 1f 88-ea a9 65 7f ec 22 b5 a3 ....9U....e..".. 00a0 - 24 a8 ca b3 ce 33 d1 c3-20 93 20 da 0e 19 08 e5 $....3.. . ..... 00b0 - 67 94 eb 90 61 5d a4 bd-6a 05 20 cf ed 4a 0d 22 g...a]..j. ..J." 00c0 - d1 e1 bb 1f f2 49 5a 35-f4 7b f6 fc 8c e1 6e e8 .....IZ5.{....n. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2D090D24E570604073E96476A1AE28D05D3447DDD950C525587B5C9C4161AF57 Session-ID-ctx: Resumption PSK: BC819578CE5704758CE8F64DDB2970A8CDB684A4FB15CA6B2B7ADA08D62D26302E2E8DFB3162215AC1A654227AC4D38A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f8 cb 5b 60 60 eb b3 85-6d d8 2f ab ce 3d e1 aa ..[``...m./..=.. 0010 - 49 e0 97 95 1f c2 34 d0-0c 7b 9a 9b 2d 9d a1 cc I.....4..{..-... 0020 - e0 99 85 eb 6f f4 0e b6-bb 63 71 00 f8 e3 b9 d9 ....o....cq..... 0030 - e4 22 e1 ce 7e cc 01 3b-ed 68 38 d3 89 4e 0c e8 ."..~..;.h8..N.. 0040 - 5d 94 80 e6 03 60 72 bc-cc e3 a6 22 5a 9a dc 25 ]....`r...."Z..% 0050 - 8b d1 88 bf 23 ac e0 5e-4e 79 b5 01 90 83 57 3e ....#..^Ny....W> 0060 - 12 8a 9f 7c 23 6d 2f ec-a5 62 16 bf d8 0a 4e f6 ...|#m/..b....N. 0070 - f9 07 0d 5a 3c 91 86 91-46 37 bb a0 78 fe 5a 2e ...Z<...F7..x.Z. 0080 - bb 3c 7f 49 42 07 91 69-2b fc 5d 63 ca d4 74 d6 .<.IB..i+.]c..t. 0090 - 2e 86 7b ba 46 10 c2 3a-10 6f 3a a3 f6 4b 8a 97 ..{.F..:.o:..K.. 00a0 - 4b 5b 30 01 91 37 8d 47-f7 90 e1 5b 2a 9e 3e f5 K[0..7.G...[*.>. 00b0 - d7 25 39 88 65 08 8f 3c-50 4b d5 cb 9a 89 62 01 .%9.e.. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4019F9F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGgagBjITdR2T1tIg78Ki73dsNbudp0I07Y64uqzANUX BDC8gZV4zlcEdYzo9k3bKXCozbaEpPsVymsretoI1i0mMC4ujfsxYiFawaZUInrE 04qhBgIEZ66djKIEAgIcIKQGBAQBAAAArgcCBQD4MBMmswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:33 2025 GMT; NotAfter: Feb 14 01:33:33 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMzWhcNMjYwMjE0MDEzMzMzWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAAlotOgxMgd8yRCF3ne/0D/s59A8RjcOS7FrrpzCkL1Fo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFIHzQiQYYaKqA6Qu/panSO6ElqGwMB8GA1UdIwQY MBaAFM0/Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQAuEZff pYHyAJp1S/ijfS81IXnwoa0xz4Q/EQWx/pUzYKCPtIuF3mldA/gFPH4R/x6L+DdZ eOXzjpkUWEdD1aM9+RXBPUWoyO3CXq5hF5nKelg2dLmNAp7Yp1Ddj6lPnGOHTV/j 3ZNelM4ARCBo7e9xTmWf+voeXTlKQFbLGjuNEo4fwMA6Wtvt8rdc3Z9PH+ICJ29w ZNjS4kqtK6q4XwGSe1ZVD/YG2vMbmBYpNNHBaICxYKmIxWa7Iex1MG0TS86xuqaT qyU439/UMa8itmiHTP0aK3ye0tDd4hTDCYtr2glmGSNjPXtMHtYfA1KkMlTinCqC fHv4fIVDpvDOmakv -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3E2A314EACE33D9AF58713926BD0357DD0FC2838F283608BF90848A51C09BE39 Session-ID-ctx: Resumption PSK: B5B11A2999ED793CA952B7BA192249B1E0F538A89F85E21832B21449903CADE0807E489D718BC64488CD7D8D33DDE1FF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef a4 39 14 72 09 47 24-fe b7 39 22 e4 a7 7a a7 ..9.r.G$..9"..z. 0010 - 00 1d 98 e1 35 df ec 2f-c5 e6 be 3c cc 54 b0 cf ....5../...<.T.. 0020 - 21 1e d5 f7 4f 21 00 77-59 30 2e f4 c3 3c 5b 20 !...O!.wY0...<[ 0030 - b1 39 eb 79 0f b1 6c 61-3d 3b 47 a0 60 d1 e5 21 .9.y..la=;G.`..! 0040 - 57 33 cd 71 63 b6 54 3f-da 0a 43 7c ba 18 ed 94 W3.qc.T?..C|.... 0050 - 9b 21 df b2 ae 51 26 c9-1f 27 13 cb 72 eb ae a5 .!...Q&..'..r... 0060 - fb 14 32 67 54 a3 16 6f-41 75 ee 38 ea f4 22 b7 ..2gT..oAu.8..". 0070 - 32 76 1a 0d fe 58 f6 3d-86 c4 0e 93 47 e4 62 e5 2v...X.=....G.b. 0080 - 63 f6 d1 73 e1 3c c0 40-65 c6 9c 48 26 ea c1 4a c..s.<.@e..H&..J 0090 - 9f 10 90 32 96 7a e2 50-17 a5 c6 48 89 49 81 d1 ...2.z.P...H.I.. 00a0 - ca d3 d3 66 d8 95 33 25-92 91 3d d3 1b 65 bb dc ...f..3%..=..e.. 00b0 - 57 e8 8b a1 81 c6 01 8a-3c db da 82 e3 c3 bd a0 W.......<....... 00c0 - c2 60 e5 ac 6c 83 4a 3b-81 7f d1 23 ac 8f 17 a0 .`..l.J;...#.... Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B75103EB8E8E59087879224B0275AD8D26DE60140FB5E39377EE369C3C918943 Session-ID-ctx: Resumption PSK: 196B52FD27C678D74549C7CCAD977C090B472B4BAE37C97A8F970A959DFB8A05573FB630B4D2ED2A68AD75E59EE87279 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef a4 39 14 72 09 47 24-fe b7 39 22 e4 a7 7a a7 ..9.r.G$..9"..z. 0010 - da 02 45 9d b4 4f 0c e9-5e 7e a1 4c 75 71 e9 2a ..E..O..^~.Luq.* 0020 - 12 10 ae 82 2b 68 ca 5b-55 89 23 6e f0 12 79 9d ....+h.[U.#n..y. 0030 - 82 b6 62 ef 77 f4 07 d3-5b bd 05 01 d1 6f 5a ae ..b.w...[....oZ. 0040 - dc c8 b6 4b fb f9 c2 d2-50 b9 c1 4c b6 76 fb 7b ...K....P..L.v.{ 0050 - bf 2b 26 c7 5b fb 38 fc-f9 a5 95 dd b0 91 b1 4c .+&.[.8........L 0060 - 66 1f d4 53 25 75 ef 3e-03 2d e8 cb 72 19 47 3e f..S%u.>.-..r.G> 0070 - f9 c8 52 24 d2 7f 43 24-f6 9e a8 f6 a2 ca 5d 4e ..R$..C$......]N 0080 - 5e d1 9d f2 5f b3 e8 1b-8c 68 81 6c 28 b9 c9 96 ^..._....h.l(... 0090 - ae 0a cd ab 21 7c da a3-31 7a 78 3d a2 fd e7 8b ....!|..1zx=.... 00a0 - 4e cb 77 85 07 7c 59 04-e6 0c 99 c5 18 39 e2 04 N.w..|Y......9.. 00b0 - bc 8c 28 9f 8a 34 08 f2-bc 76 27 39 e3 9e c5 29 ..(..4...v'9...) 00c0 - e2 55 61 1e fd 07 e2 3b-72 69 2b 8f 05 d7 55 8b .Ua....;ri+...U. Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4019EFF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIPPXhjwNthtFkHT/VSpG28iJweLEFrGFLipEP1rD7LWj BDAZa1L9J8Z410VJx8ytl3wJC0crS643yXqPlwqVnfuKBVc/tjC00u0qaK115Z7o cnmhBgIEZ66djKIEAgIcIKQGBAQBAAAArgYCBES3AhizAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:33 2025 GMT; NotAfter: Feb 14 01:33:33 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMzWhcNMjYwMjE0MDEzMzMzWjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgC8MGLLExqwKJ3YwhoCQzDqkzB0EBif2RXoFlIdhHD4lef+HrynKnyHs/MJ5axa q/9TRbXzxOsKSgCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUgcuyt7Ix qS0w9MApxoKOcB7ueV8wHwYDVR0jBBgwFoAUzT9aKCHrQBthOKKbbv0GtHQ3cxMw DQYJKoZIhvcNAQELBQADggEBAA+Yw3PPKesu/yxT2V/K6Q1HccH4b2ACUF+JpNoZ 4R3eXNOERBg1BYzYEWqF/y5GdqWsml98pt8ASFGzGMZQnpNrsSVa9A/DT+WDuyJZ Cyj7fDBOduoKwRWzHHmWC1ekeAqKGqpM9fdD0a6vMwUoIck0/Qgl9ZkKJWLl0Ie4 qvcz+TbIKCJB1W/3EyYRCoOvBqMvq8nJFS6jhq3tkERdgezM5BHD7TyhpBdfDceX yKi7eqEsR5ams5/roEr6IYNVT7DWECAmfYh7AvxRZTCdMKT4OSwhwW7HMrZA4ouW nxHKJud2D+th5iPaGtmk2abYzTfknxBFY50NKsYaWI8K/PQ= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9FE1BD78637246334578298496EC43AAF802B86BE03A1673A63A6B267F84F961 Session-ID-ctx: Resumption PSK: B82C19FB8865A6D8203E4949406083E4DCAD1D6654B72556BAF3516F63072FC3432CFE8FE511D0F8E83918C8D9BF2238 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 53 0c 6e 29 29 8d b5 63-a0 be ec fe ab b2 bd 43 S.n))..c.......C 0010 - 09 b4 f0 12 70 c5 01 07-17 86 0e 42 59 38 1f a5 ....p......BY8.. 0020 - 3a 9a 4c e7 ce 4f 46 b7-ac fc f9 78 df ce c5 64 :.L..OF....x...d 0030 - 44 7e 91 75 57 72 87 ab-df 02 4e da 37 34 e1 ce D~.uWr....N.74.. 0040 - 72 94 f8 92 50 6c ef 17-7b 88 b4 42 95 93 65 b8 r...Pl..{..B..e. 0050 - 10 25 01 7b c6 49 76 f9-e8 33 75 88 29 88 4e 37 .%.{.Iv..3u.).N7 0060 - e0 c2 44 71 45 4e 33 61-d9 11 85 25 24 53 27 6a ..DqEN3a...%$S'j 0070 - 47 7c 70 9c 42 92 c5 48-36 fd 50 a4 cd 3f e9 ef G|p.B..H6.P..?.. 0080 - d1 7e 96 4b 3a 9d 8d 1f-85 17 48 f2 dd 8b f2 bc .~.K:.....H..... 0090 - d7 96 87 48 ab ed 1b e5-2a 40 dd d0 af 47 4c 10 ...H....*@...GL. 00a0 - 0e 34 f2 e8 d5 bb 71 e5-8e 08 b3 04 60 72 74 63 .4....q.....`rtc 00b0 - d2 ca 49 e7 68 4d 44 d9-8c a6 91 d0 b5 ed c6 5a ..I.hMD........Z 00c0 - aa da 13 06 21 e7 e3 9d-53 3c 2c 8a 6c fe 30 2c ....!...S<,.l.0, Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D64AD44B09E399FA8B9EF60156F7E26BA83E0341F667330032B194BF0CD60580 Session-ID-ctx: Resumption PSK: CD9E7C4764AECDCDAD9303AF21912BD6F0D3147A3B9C7CB827393DC795B46AFAFC787FF2FADD49434C60DEDE73C7CE0C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 53 0c 6e 29 29 8d b5 63-a0 be ec fe ab b2 bd 43 S.n))..c.......C 0010 - 16 8f cd 09 b4 a8 b9 82-22 17 ae db 96 c8 32 22 ........".....2" 0020 - 8c a1 a9 54 3e 16 8b d5-92 2f e5 db 63 0d 2f 23 ...T>..../..c./# 0030 - 91 5a 1b d9 a2 a1 01 0b-a0 25 2e 16 b2 07 9b 0f .Z.......%...... 0040 - 60 cd e2 91 8c 96 2d 39-29 31 b1 5f b8 fb 85 13 `.....-9)1._.... 0050 - fe 3e fa 2c a2 7f 3c 99-42 dc 48 68 79 c1 59 96 .>.,..<.B.Hhy.Y. 0060 - 90 44 4a d3 ac 75 c9 27-f2 1b 6b 78 6d 57 80 06 .DJ..u.'..kxmW.. 0070 - 06 a3 2e 93 15 87 ba d9-3f e3 e5 11 f3 8d 5d c3 ........?.....]. 0080 - 66 61 5e 77 4a d1 63 48-7a e6 43 12 65 0f 1d c0 fa^wJ.cHz.C.e... 0090 - f1 49 c4 84 50 5c c5 34-63 8c 2e e2 78 68 ea 4f .I..P\.4c...xh.O 00a0 - 6d f4 12 f2 e8 fb 26 89-59 03 8e 3a c9 67 7a 5f m.....&.Y..:.gz_ 00b0 - 03 69 b3 f3 d0 94 d2 9d-96 62 61 0e a8 de 9f ec .i.......ba..... 00c0 - 67 53 d2 d3 ce 48 20 64-b3 7b ce 4b 19 70 8f 29 gS...H d.{.K.p.) Start Time: 1739496844 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4089F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIP1B0IKKkTeMlT4lGadmFYHFQ9OhiqQ7TR20fTBnKDLr BDDNnnxHZK7Nza2TA68hkSvW8NMUejucfLgnOT3HlbRq+vx4f/L63UlDTGDe3nPH zgyhBgIEZ66djKIEAgIcIKQGBAQBAAAArgYCBAU5IpOzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: F09A85C82A98CAD1B0A2E440552FF6E1DC6D3266D2B41F07D949D4872EC25AB6 Session-ID-ctx: Master-Key: 3061874E9950F0CC8502651D28B0C8FB1C4A8B2DBAB074403268EA73C6BF90EAD3DD69D3A77E7941740F16AA5FA38809 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 77 a1 06 ff 9f c3 f7 99-9d 8d 8e 78 df d5 f1 84 w..........x.... 0010 - c3 65 1b 58 16 bb 22 f7-6b 45 92 67 e3 8a 88 e2 .e.X..".kE.g.... 0020 - dd fb 3b 71 0f 2e 7f 93-cb 70 06 bf ce ff 89 a3 ..;q.....p...... 0030 - f5 50 99 da b1 f6 20 04-35 8b 23 38 bf 0d b0 57 .P.... .5.#8...W 0040 - c9 f3 8c f3 c1 38 47 67-65 84 de 27 26 e2 c9 c7 .....8Gge..'&... 0050 - cd e2 30 22 77 cd 82 eb-a3 b3 d6 d4 36 bb 51 b2 ..0"w.......6.Q. 0060 - 1b f5 da 4d 61 c0 40 fa-fd 36 48 e1 17 0f d0 32 ...Ma.@..6H....2 0070 - a8 e1 c3 c0 4b c7 af ae-76 2c 2f 0a b4 15 23 58 ....K...v,/...#X 0080 - d8 ef e2 45 dc 9b 85 70-9b f5 e5 ca b0 d3 3e b4 ...E...p......>. 0090 - d5 65 e7 35 c7 fc 87 c1-02 30 66 d0 a9 fe b4 60 .e.5.....0f....` 00a0 - c1 8b 88 31 6e bc 6d c4-51 d4 14 d9 a7 a9 50 c5 ...1n.m.Q.....P. Start Time: 1739496845 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4009FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDAwYYdOmVDwzIUCZR0osMj7HEqLLbqwdEAyaOpzxr+Q 6tPdadOnfnlBdA8Wql+jiAmhBgIEZ66djaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANJNT4F6US15/IHadHv/6WeiTgsgmg3KGVId LumDLiYSjkYyP7CwLHwCXT5bmOCzFoWt1b/3pFpT0T/iisDy+9ZdCCJR1nopqpHm 15JRL0QC3/Q/yipo6wVbEqEvab1hH4eCSdlNI2gsVU9PzmditpWfqbAKGlB0MttU AEz6wfrgNzUMf1hGEea4X5wlqkiOyUDJzhKbk1HwrHz3OBEa3H9WLGlJONegI3Ye P5dy4khJ1ihvIbUaToafUm4f6i04KM6h/YkUW8X/y5wWrJl0UMV5l/RLvBlN7iBd kF/nIz6k7Qub5InmCoeZWEk3BTOSAFtm95qPD1FBHTtG7C29pjsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQ70kxBR8Ux9/IntqKGnGtmXiEobTAf BgNVHSMEGDAWgBTNP1ooIetAG2E4optu/Qa0dDdzEzANBgkqhkiG9w0BAQsFAAOC AQEAV++snb3MGJS+siRU+UZz/neuBqR2pKuLjD2DTYO1i1+wTwd028RBgX54I6mM C2rven3eaaqXEPc6WZ8UehUH1MfoXr74LRmJVUiRYGq+xabzMsGxraKTwVUwdKA2 n9TerAp7/I9t4svaKykOqvljZOuNKRtKkspSLQIQ+/fs4LXketyKknL6xlVK5W/f BPM/i6liSFJ39WGvWHILXPv8/+W7/9Zxqf6cV+AsiJBTfKsdbHb8CmDTfkNN5L74 6ZLM90C4uqp8W3L61krNf0T9BkmKgxTkqff3bk21x98foyfPbKU+TjCxbD0WkZhl 4vdXvmyeVvRVgjDf6ZQgL6K+CA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 79885B054BCAA1B17FD1B1D5BF1C367388E0CB9C5566986327C71EEBA1DD9B7E Session-ID-ctx: Resumption PSK: 143F34BBC0C3C64C2C7C4F931BB9798A2A233831D4C8D7AF0D066A06B037A2474262716BE95B142D8F47862ED07D110C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 31 b6 73 b3 b3 ba 30 88-f3 b7 19 6a 95 49 0e 19 1.s...0....j.I.. 0010 - a6 39 82 95 98 15 4f d5-a2 79 6b ee c0 75 f4 3b .9....O..yk..u.; 0020 - b4 d3 c8 d0 cc b8 61 c1-47 96 a6 fc cc 41 aa dc ......a.G....A.. 0030 - 85 12 8c 55 ce be af d5-81 be e9 7e 22 3a 7c 8c ...U.......~":|. 0040 - f1 c7 3c 49 d3 59 e3 60-3c df 95 56 37 b9 85 1a ..[......+. 0020 - e5 28 a3 f9 39 75 53 d5-fe 6b b0 6d e1 e2 63 90 .(..9uS..k.m..c. 0030 - 6f e5 4c 06 93 0b 9d c9-63 d6 eb 4b cf 2f 75 8d o.L.....c..K./u. 0040 - 3d 74 20 16 4d a0 2f a3-76 5a 52 b0 31 f6 56 46 =t .M./.vZR.1.VF 0050 - 12 b6 48 27 d0 14 ba 17-c9 f3 51 4c 69 4b 0d 2e ..H'......QLiK.. 0060 - 59 89 e3 60 fc 31 fd 48-85 62 51 86 4a d1 b4 55 Y..`.1.H.bQ.J..U 0070 - 88 06 09 9f 9e 8d 66 87-5b 0b da c3 08 eb a7 73 ......f.[......s 0080 - 00 1f 2d f3 b9 5d 6c 4b-1b 2e 4c b9 6c 12 dc 06 ..-..]lK..L.l... 0090 - d7 07 58 dc fc 3e fb 74-e8 a0 ba de e8 16 c3 e8 ..X..>.t........ 00a0 - 74 cf 7c b8 9e 19 12 b1-a2 c5 e4 34 ae 6b 77 80 t.|........4.kw. Start Time: 1739496845 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4089F4F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDB7rBR3CsPuEJJNH/oWpvrTeqRyFHlDgLdq6IYiCyZq DJEml5b42Yfsd/Wh4HooIhqhBgIEZ66djaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 14 01:33:32 2025 GMT; NotAfter: Feb 14 01:33:32 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE0MDEzMzMyWhcNMjYwMjE0MDEzMzMyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQZucUjqhC8aAKP4atikv9tjh++C6HCbByGjjdbpVt7AMHs 4Op0VgzIbaasfunBfuIfr/zFMWR2CcQtZg9ZyEAio4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFPGz+sl6kNXoadZxfBtByzFykfXTMB8GA1UdIwQYMBaAFM0/ Wigh60AbYTiim279BrR0N3MTMA0GCSqGSIb3DQEBCwUAA4IBAQBPYj1b0kuufG+E 3L76kpoUEDNYWSvUII7dePkNbmTD17tNsJCXFIk2knBrAUhw/lfnkvTTTTIZQZQC /SI1SmnZPowQYR1qArhP99+d8axp1N6N6z+ZzokX9bw96AF91KDFuRflCvnXZJl2 sa6Jdx/ZGVobbLC1xsYmblR/yp1AwKS5qf9dQYaFgcszfWkcbLr2QmGUteBLbDVs D3t8kuhLGO51v3F1bd9FbsV530dVboo6dYmZD4hhcHIiOMrPEq2frYD9v/rzc8ME B3+6UyzbOjFDIQxnKoGBr+M+18yMU1zCRyjVAAVPJeuUoQ/jsTccxlH6MQQNj/1R cqFKt/NK -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: CFFF41CC9E641AA64FD580089CB90784CEB713956DE0488390AEDD786F99CEF6 Session-ID-ctx: Resumption PSK: E10E5C81B81D8895FF413A3474E02AFD42835FE09930BADB456F02C5055C27D5901ADBD4929565D9BFEF271E74169AE3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 48 8d fc eb 60 bf 0f 1c-48 68 85 42 be a3 cb cf H...`...Hh.B.... 0010 - 46 fb 3e e3 12 4d 98 ab-98 7c 3f 64 5f dd d0 05 F.>..M...|?d_... 0020 - 92 0f ee ab c8 3d 23 64-f2 38 2f 89 e3 4c 91 e2 .....=#d.8/..L.. 0030 - d7 64 ab f9 6d c1 9c 00-c2 0a ea b1 ca 93 d7 75 .d..m..........u 0040 - 93 d7 3a d5 4f 73 55 b6-40 21 22 58 e4 6d 7d 2a ..:.OsU.@!"X.m}* 0050 - 6c ad 5f 77 6f b0 0c 69-9d 94 a1 48 d7 3c 18 80 l._wo..i...H.<.. 0060 - 58 2c 34 61 9b 08 2e 85-4c 77 df 03 ad f0 e9 90 X,4a....Lw...... 0070 - 61 f2 bf 3d ca 4a db 08-5a 77 a7 f8 f4 09 8a c2 a..=.J..Zw...... 0080 - b2 43 2a 4d fa d4 83 9c-b5 59 85 8f e1 94 92 82 .C*M.....Y...... 0090 - 38 a6 7b e6 f6 71 5e dc-1e ed 39 ef f7 78 ec 96 8.{..q^...9..x.. 00a0 - da 46 52 34 c8 ee 2a 7f-79 30 04 af 60 5c 43 81 .FR4..*.y0..`\C. 00b0 - c4 04 cb 47 ce 8c b7 cf-d1 0c f1 58 c4 63 55 93 ...G.......X.cU. 00c0 - 57 79 c6 26 4c c8 7e b3-e9 5e 9c c5 21 4b d6 dd Wy.&L.~..^..!K.. Start Time: 1739496846 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 63078018BB047233332AB95C653B0C2E7D14E03642B23373EF0D11BE0BAB1464 Session-ID-ctx: Resumption PSK: 7F248E8D5A86DBEB04A76C64954785BCD7885B906CE5AF493CD31D38D612A44CC259A5500A82EF88FBA97A50D893374E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 48 8d fc eb 60 bf 0f 1c-48 68 85 42 be a3 cb cf H...`...Hh.B.... 0010 - 81 4e 1b 8b c5 99 37 e3-9b 9c 54 04 3a ec 6d 4c .N....7...T.:.mL 0020 - 38 24 81 cd 4f fd 56 05-fb 7e 11 c0 e7 94 11 b2 8$..O.V..~...... 0030 - a0 98 e8 b7 ce c0 6c ca-6b 2d 26 69 52 a5 16 0e ......l.k-&iR... 0040 - 5a 75 8d bd 56 67 7e fd-40 33 57 f3 db df 58 0f Zu..Vg~.@3W...X. 0050 - 64 9e 11 45 da d3 44 79-4b 94 79 a4 d3 6b 41 5d d..E..DyK.y..kA] 0060 - be e1 c3 2f 66 2e e3 dd-1f 3b e4 66 ee 7c 56 16 .../f....;.f.|V. 0070 - 1e c4 a5 41 a8 92 37 4a-af 8b 1a e6 38 5b fb 94 ...A..7J....8[.. 0080 - 50 6d 3a dd e8 2b 16 ba-4a 8c f5 74 b1 6d 59 d8 Pm:..+..J..t.mY. 0090 - 84 33 e0 14 85 8b 1c 0b-b3 cb 51 95 36 f5 f2 e3 .3........Q.6... 00a0 - c1 bf 2d ab 44 e7 18 19-25 07 fb a0 00 4c fc 04 ..-.D...%....L.. 00b0 - 0a ec 80 81 18 71 62 9c-80 37 73 23 b6 e4 68 bf .....qb..7s#..h. 00c0 - c6 f5 63 22 9b 42 fd cd-b6 b7 5a c7 c8 6f c8 59 ..c".B....Z..o.Y Start Time: 1739496846 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009F9F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIC1rlUGGruAQNPggZlWKQbJR2Hz2v8uMBwSvR/sZF29c BDB/JI6NWobb6wSnbGSVR4W814hbkGzlr0k80x041hKkTMJZpVAKgu+I+6l6UNiT N06hBgIEZ66djqIEAgIcIKQGBAQBAAAArgcCBQDwTG7RswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIC1rlUGGruAQNPggZlWKQbJR2Hz2v8uMBwSvR/sZF29c BDB/JI6NWobb6wSnbGSVR4W814hbkGzlr0k80x041hKkTMJZpVAKgu+I+6l6UNiT N06hBgIEZ66djqIEAgIcIKQGBAQBAAAArgcCBQDwTG7RswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 3.69s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=226 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.01s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=76 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.01s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=18 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.01s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> MALLOC_PERTURB_=246 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.02s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=240 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.01s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=238 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.01s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=248 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.01s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=71 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%F9%1A%C6%87%2B%3E%C2%47%7C%D4%01%BC%00%64%45%2F;object=Test-Ed-gen-f91ac687;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%F1%61%7A%2A%D3%5C%5E%E3%F0%8E%31%CB%F9%17%02%3F;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%E7%89%4D%8A%EA%AE%74%AB%8E%60%C9%65%2A%17%7B%F8;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%9B%49%B8%48%1C%4E%A0%54%37%70%24%6D%C6%B7%5C%98;object=Test-RSA-gen-9b49b848;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0C%8F%54%19%04%5B%1C%F9%03%9B%DF%E6%79%F1%BC%0C;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%ED%18%EF%1E%57%89%24%2E%29%F3%8A%58%E3%22%4C%48;object=Test-EC-gen-ed18ef1e;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%48%73%E0%AA%7A%FC%9C%43%B8%D3%E9%5D%E8%EF%0F%5C;object=Test-RSA-PSS-gen-4873e0aa;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%59%8A%66%63%F5%89%1B%A1%FC%69%FE%93%93%02%79%91;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%0B%B4%49%41%92%5D%7A%DE%FC%7D%F3%74%68%03%5C%E4;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%5D%03%5B%4D%7F%3F%94%46%9D%EE%21%B2%E7%69%2F%85;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%BE%05%EF%DF%38%26%39%6A%E8%65%81%0D%DA%8E%5F%DE;object=Test-RSA-Key-Usage-be05efdf;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=37b0efc36027fc61;token=SoftHSM%20Token;id=%D1%F0%90%47%AF%E0%1C%6B%77%99%0E%E3%B0%3F%B4%73;object=Test-Ed-gen-d1f09047;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=37b0efc36027fc61 openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%00%00 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=caCert openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 2.17s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=68 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.01s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=255 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.01s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=120 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.02s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=213 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.01s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=230 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.01s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=190 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.01s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=159 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.01s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=195 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.01s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=203 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.01s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-i686-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/i386-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_i386.deb'. dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_i386.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_i386.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_i386.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/41144 and its subdirectories I: Current time: Thu Feb 13 13:34:16 -12 2025 I: pbuilder-time-stamp: 1739496856